WORLD INTELLECTUAL PROPERTY ORGANIZATION 
International Bureau 




PCT 

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) International Patent Classification 6 : 




(11) International Publication Number: 


WO 99/24928 


G06F 17/60 


A2 




20 May 1999 (20.05.99) 




(43) International Publication Date: 



(21) International Application Number: PCT/US98/23648 

(22) International Filing Date: 6 November 1998 (06.11. 98) 



(30) Priority Data: 
08/965,185 



6 November 1 997 (06. 1 1 .97) US 



(71) Applicant: INTERTRUST TECHNOLOGIES CORP. 
[US/US]; 460 Oakmead Parkway, Sunnyvale, CA 94086 
(US), 

(72) Inventors: SHEAR, Victor, H.; 5203 Battery Lane, Bethesda, 

MD 20705 (US). VAN WIE, David, M.; Apartment 216, 
965 East El Camino Real, Sunnyvale, CA 94087 (US). 
WEBER, Robert, P.; 215 Waverley Street #4, Menlo Park, 
CA 94025 (US). 

(74) Agent: FAR1S, Robert, W.; Nixon & Vanderhye P.C., 8th floor, 
1 100 N. Glebe Road, Arlington, VA 22201 (US). 



(81) Designated States: AL, AM, AT, AU, AZ, BA. BB, BG, BR, 
BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES. FI, GB, GE, 
GH, GM, HR, HU, ID, 1L, IS, JP, KE, KG, KP, KR, KZ, 
LC, LK, LR, LS, LT, LU. LV, MD, ,MG, MK; MN, MW, 
MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, Si, SK, SL, TJ, 
TM, TR t TT, UA, UG, UZ, VN, YU, ZW, ARIPO patent 
(GH, GM, KE, LS, M W, SD, SZ, UG, ZW), Eurasian patent 
(AM, AZ, BY, KG, KZ, MD, RU, TJ, TM). European patent 
(AT, BE; CH, CY, DE, DK, ES, Fl. FR, GB, GR. IE, IT, 
LU, MC, NL, PT, SE), OAPI patent (BF, BJ, PF, CG, CI, 
CM, GA, GN, GW, ML, MR, NE t SN, TD, TG). 



Published 

Without international search report and to be republished 
upon receipt of that report. 



(54) Title: SYSTEMS AND METHODS FOR MATCHING, SELECTING, NARROWCAST1NG, AND/OR CLASSIFYING BASED ON 
RIGHTS MANAGEMENT AND/OR OTHER INFORMATION 

(57) Abstract 

Rights management 
information is used at 
least in part in a matching, 
narrowcasting, classifying 
and/or selecting process. A 
matching and classification 
ulility system comprising 
a kind of Commerce 
Utility System is used 
to perform the matching, 
narrowcasting, classifying 
and/or selecting. The 
matching and classification 
utility system may match, 
narrowcast, classify and/or 
select people and/or things, 
non-limiting examples of 
which include software 
objects. The Matching 
and Classification Utility 
system may use any 
pre-existing classification 
schemes, including at least 
some rights management 
information and/or 
other qualitative and/or 
parameter data indicating 

and/or defining classes, classification systems, class hierarchies, categroy schemes, class assignments, category assignments, and/or class 
membership. The Matching and Classification Utility may also use at least some rights management information together with any artificial 
intelligence, expert system, statistical, computational, manual, or any other means to define new classes, class hierarchies, classification 
systems, category schemes, and/or assign persons, things, and/or groups of persons and/or things to at least one class. 




864 



USffiMPO 




FOR THE PURPOSES OF INFORMATION ONLY 



Codes used to identify Slates party to the PCT on the front pages of pamphlets publishing international applications under the PCT. 



AL 


Albania 


ES 


Spain 


LS 


Lesotho 


51 


Slovenia 


AM 


Armenia 


FI 


Finland 


LT 


Lithuania 


SK 


Slovakia 


AT 


Austria 


FR 


France 


LU 


Luxembourg 


SN 


Senegal 


AU 


Australia 


GA 


Gabon 


LV 


Latvia 


sz 


Swaziland 


AZ 


Azerbaijan 


GB 


United Kingdom 


MC 


Monaco 


TD 


Chad 


BA 


Bosnia and Herzegovina 


GE 


Georgia 


MD 


Republic of Moldova 


TG 


Togo 


BB 


Barbados 


GH 


Ghana 


MG 


Madagascar 


TJ 


Tajikistan 


BE 


Belgium 


GN 


Guinea 


MK 


The former Yugoslav 


TM 


Turkmenistan 


BF 


Burkina Faso 


GR 


Greece 




Republic of Macedonia 


TR 


Turkey 


BG 


Bulgaria 


HU 


Hungary 


ML 


Mali 


TT 


Trinidad and Tobago 


Bj 


Benin 


IE 


Ireland 


MN 


Mongolia 


UA 


Ukraine 


BR 


Brazil 


IL 


Israel 


MR 


Mauritania 


UG 


Uganda 


BY 


Belarus 


IS 


Iceland 


MW 


Malawi 


US 


United States of America 


CA 


Canada 


IT 


Italy 


MX 


Mexico 


uz 


Uzbekistan 


CF 


Central African Republic 


JP 


Japan 


NE 


Niger 


VN 


Viet Nam 


CG 


Congo 


KE 


Kenya 


NL 


Netherlands 


YU 


Yugoslavia 


CH 


Switzerland 


KG 


Kyrgyzsian 


NO 


Norway 


ZW 


Zimbabwe 


CI 


C6te d'lvoire 


KP 


Democratic People's 


NZ 


New Zealand 






CM 


Cameroon 




Republic of Korea 


PL 


Poland 






CN 


China 


KR 


Republic of Korea 


PT 


Portugal 






CU 


Cuba 


KZ 


Kazakstan 


RO 


Romania 






CZ 


Czech Republic 


LC 


Saint Lucia 


RU 


Russian Federation 






DE 


Germany 


LI 


Liechtenstein 


SD 


Sudan 






DK 


Denmark 


LK 


Sri Lanka 


SE 


Sweden 






EE 


Estonia 


LR 


Liberia 


SG 


Singapore 







WO 99/24928 PCT/US98/23648 



SYSTEMS AND METHODS FOR MATCHING, 
SELECTING, NARROWCASTING, AND/OR 
CLASSIFYING BASED ON RIGHTS 
5 MANAGEMENT AND/OR OTHER 

INFORMATION 

FIELDS OF THE INVENTIONS 

The inventions relate to electronic rights and transaction 
management. More particularly, the inventions relate to automated 

10 systems, methods and techniques for efficiently matching, selecting, 
narrowcasting, categorizing and/or classifying in a distributed 
electronic rights and/or other event and/or transaction management 
environment. For example, the inventions provide electronic 
computer based systems, methods and techniques for matching, 

1 5 classifying, narrowcasting, and/or selecting digital information 
describing people and/or other things. This matching, classifying, 
narrowcasting, and/or selecting can be based, at least in part, on 
elements of rights management information and/or one or more other 
categories of information — wherein such information is used for 

20 efficient, trusted event management assuring the execution of one or 
more controls related to, including, for example, consequences of 
processing such digital information describing people and/or other 
things. The present inventions also provide systems and methods for 
efficiently determining class hierarchies, classification schemes, 

25 categories, and/or category schemes and/or the assignment of objects, 
persons and/or things to said class hierarchies, classification schemes, 



WO 99/24928 PCT/US98/23648 

2 " 

categories, and/or category schemes using at least some rights 
management information. 

BACKGROUND AND SUMMARY OF THE 
INVENTIONS 

♦ i 

5 The modern world gives us a tremendous variety and range of 

options and choices. Cable and satellite television delivers hundreds . 
of different television channels each carrying a different program. 
The radio dial is crowded with different r^dio stations offering all 
kinds of music, news, talk, and anything else one may care to listen 

1 0 to. The corner convenience store carries newspapers from around the 
country, and a well stocked newsstand allows you to choose between 
hundreds of magazines and publications about nearly every subject 
you can think of. Merchandise from all comers of the world is readily 
available at the shopping mall or by mail order. You can pay by 

1 5 check, in cash, or using any number of different kinds of credit cards 
and ATM cards. 

This tremendous variety is good, but it also presents problems. 
Sometimes, it is hard or inefficient for us to find what we want and 
need because there are too many things to evaluate and choose from, 
20 and they are often located in too many places. We can waste a lot of 
time searching for the things we need or want at the right price, with 
the rights features, and at a particular time. 

Sometimes, we never find things that satisfy what we feel we 
need or want. This happens when we don't know what to look for, 



WO 99/24928 PCT7US98/23648 

3 

how to look for it, or don't have the necessary assistance or tools to 
search successfully. For example, we may not know the best way of 
looking for something. Sometimes, we know what we are looking for 
but can't express or articulate it in ways that help us look. And 
5 sometimes, we don't even know what we are looking for. You may 
know you need something, know its missing, but never really know 
how to communicate to others what you are looking for. For 
example, someone who speaks only English may never find resources 
using Japanese or Spanish. In general, we often don't have the time 
1 0 or resources to look for all the things that would give us the most 
benefit or make us the most satisfied. 

It's Hard To Find Mass Media Things You Want Or 
Need. 

Figure 1 A shows, as one example, how frustrating it can be to 
1 5 find anything to watch on the hundreds of television channels that 
may be available. The man in Figure 1 A spends a lot of time 
"channel surfing," trying to find something he is interested in 
watching. He may be moderately interested in golf, but may not like 
the particular golf tournament or golf players being broadcast at 7 
20 o'clock on a particular channel. After flipping through other 

channels, he might think an action movie looks interesting only to 
find out after watching it for a while that he isn't really interested in it 
after all. A documentary on horses also seems interesting at first, but 
he finds it boring after watching it awhile because it doesn't give him 
25 the kind of information he is interested in. The whole process can be 



WO 99/24928 PCT/US98/23648 

4 

frustrating and he may feel he wasted a lot of time. Figure IB shows 
the man getting so frustrated at the wasted time and energy that he 
thinks that maybe watching television is just not worth it . What the 
man really needs is a powerful yet efficient way to find those things 
5 that most satisfy his desires - that is, match his needs and/or his 
interests. 

Our Mail Overloads Us With Things We Don't Want 

or Need " ' , 

The same thing can happen with information sent to us in the 
10 mail. It can be fun to receive some kinds of mail, such as personal 
letters, or magazines and catalogs on topics of personal interest. . 
Certain other mail, such as bills, may not be fun but are usually 
important. Unfortunately, our mailboxes are typically overflowing 
with yet another kind of mail commonly referred to as "junk mail." 
1 5 The person in Figure 2 finds his mailbox stuffed to the overflowing 
point with mail he never asked for and has absolutely no interest in. 
Most of this junk mail ends up unread and in the trash. However, it 
can take a long time to sort through all this mail to be sure you are 
only throwing out only the junk mail and not the good mail you are 
20 interested in or need. For example, it's sometimes hard to distinguish 
credit card bills from offers for new credit cards you don't need or 
want. Wouldn't it be useful if your mail could be automatically 
"cleaned" of the mail you had no interest in and you received only the 
mail you wanted or needed? 



WO 99/24928 PCT/US98/23648 

5 

» 

Sorting through things to identify things you might want, then 
selecting what you actually want, can be a frustrating and time 
consuming experience. For example, it wastes the time of th^ person 
who receives the junk mail, and it also wastes the time, money and 
5 effort of the people who spend their money to send mail to people 
hoping that they will buy their products. 

As frustrating as finding and selecting may be to consumers, 
they often create even greater problems for businesses and people 
who want to locate or provide information, goods and services. It is 

10 often said, that in the world of business, 'Information is Power 11 and 
"efficiency is the key to success." To find or sell the most relevant or 
useful information and to provide the ability to most efficiently allow 
business to operate at its best, we need easy-to-use tools that can help 
us navigate, locate, and select what matches our interests. In the 

1 5 modern world, it is often difficult to find out what different people 
like, and to supply people with the opportunity to select the best or 
most satisfying choices. 

Past attempts outside the computer world to match up people 
with information, goods and/or services have had limited success. 
20 For example, attempts to "target" mass mailings may increase the 

chance that they will go to people who are interested in them, but the 
entire process is still very wasteful and inefficient. It is considered a 
good success rate to match the interests of only a few percent of the 
recipients of "junk" mail. Telemarketing campaigns that use the 



WO 99/24928 PCI7US98/23648 

6 

telephone to reach potential consumers can be very expensive, very 
annoying to consumers who are not interested in the products being 
marketed, and very costly and inefficient. A much more ideal 
situation for all concerned is enabling businesses to send information 
5 only to individual consumers likely to find the information 

interesting, desirable, convincing, and/or otherwise useful. That way, 
businesses save time and money and consumers aren't unproductively 
hassled by information; phone calls, junk mail, junk e-mail and the 
like. However, right now it is extremely difficult to accomplish this 
1 0 goal, and so businesses continue to annoy consumers while wasting 
their own time, money, and effort. 

Because of the Vast Amount of Information 
Available, Even Systems that Provide a High Degree 
of Organization May Be Difficult to Use or Access 

1 5 You can find yourself wasting a lot of time finding things — 

even in places where finding things is supposed to be easy. For 
example, a library is a place where you can find all sorts of useful 
information but can also waste a lot of time trying to find what you 
are looking for. Modern libraries can be huge, containing tens or 

20 even hundreds of thousands or millions of different books, 

magazines, newspapers, video tapes, audio tapes, disks, and other 
publications. Most libraries have an electronic or manual card catalog 
that classifies and indexes all of those books and other materials. 
This classification system is useful, but it often has significant 

25 limitations. 



WO 99/24928 PCT/US98/23648 

7 

For example, normally a card catalog will classify materials 
based only on a few characteristics (for example, general subject, 
author and title). The boy in Figure 3 is looking for information on . 
American League baseball teams during World War II for a high 
5 school report. The card catalog led to the general subject of baseball 
and other sports, but, looking at the catalog, he can't identify any 
books that seem to provide the specific information he wants to see, 
so he must rely on books classified as "histories of sports" or 
"histories of baseball." He can spend lots of time looking through the 

1 0 books on the shelves, going back to the card catalog, and going back 
to the shelves before he finds a reference that's reasonably helpful. 
He may need to go ask an expert (the librarian) who is familiar with 
the books the library has on sports and may know where to look for 
the information. Even then, the boy may need to flip through many 

1 5 different books and magazines, and look in many different places 
within the library before he finds the information he is looking for. 

Finding Products You Want or Need Can Be Very 
Difficult and Time Consuming 

The same kind of frustrating experience can happen when you 
20 shop for a particular kind of item. While some people enjoy 

shopping, and have fun seeing what is in various stores, many people 
dislike spending time shopping, searching for the best or most 
affordable item. And sometimes even people who like to shop don't 
have the time to shop for a specific item. 



WO 99/24928 PCT/US98/23648 

t ■ ♦ 

8 

For example, the man in Figure 4 goes into a shopping mall 
looking for a tie to fit very tall people. He didn't wear a tie to work 
that day, but, at the last minute, an important meeting was scheduled 
for later that day and he needs to dress up. The shopping mall has a 
5 large variety of stores, each selling a range of merchandise " But the ■ 
man may only have a short time to look. For example, he may be on 
his lunch break, and needs to get back to work soon. He can't spend a 
lot of time shopping. - He may therefore need to rely on tools to help 
him identify where he wants to buy the tie;. Perhaps he uses a mall 

1 0 directory that classifies the different stores in terms of what kinds of 
merchandise they sell (for example, clothing, books, housewares, 
etc.). Perhaps he asks at the malls help desk staffed by "experts" who 
know what is available in the shopping mall. But even these 
resources may not tell him where to buy Italian silk ties that are 

1 5 discounted and cost $20. So he does the best he can with the 
available resources. 

These Problems Are Worse in the Digital World 

The electronic or digital world offers a rapidly growing, vast 
array of electronically published products and services. For example, 

20 computer superstores have a dizzying array of different software 
products. Furthermore, music is now published primarily in digital 
form on optical disks, and video will soon be published that way too. 
And, of particular interest related to certain of the inventions 
described by this document, the Internet now has millions of home 

25 pages with an overwhelmingly variety and quantity of digital 



WO 99/24928 PCT/US98/23648 



information, and, these millions of home pages, in turn, point or 
"link" to millions of other web pages as well. 

Today, for example, you can use the Internet to: 

• read electronic newspapers, books and magazines and 
5 see them on your computer screen; 

• get music in electronic form and play it using your 
computer; 

• send and receive electronic mail all over the world; 

• download reports and other information compiled by 
] 0 governments, companies, industries, universities, and 

individuals; 

• watch videos and animations; 

• play games with "cyber- friends" located around the 
world; 

1 5 • chat with individuals and groups who share at least 

some interests in common; 

• participate in "virtual reality" worlds, games, and/or 
experiences; 

• (offer to) buy, and/or (offer to) sell nearly anything; 
20 and 

• conduct electronic transactions and commerce. 



Today on the Internet and you can also find nearly anything 
and everything you can possibly imagine, although finding exactly 
what you really want may be time consuming and frustrating. This is 



WO 99/24928 PCT/US98/23648 

10' 

because the Internet and World Wide Web provide perhaps the best 
example of an environment that is particularly hard to navigate. 
There are an overwhelming number of choices — too many to easily 
relate to or understand — and many of which are terribly hard to find, 
5 even using the various Web searching "engines." The Internet is 
particularly exciting because it has the potential to provide to nearly 
everyone access to nearly every kind of information. Information can 
also come from an almost limitless variety of sources. But today, so 
much information on the Internet is superficial or useless, and too 

10 many choices can be more a curse than a blessing if you don't have 
meaningful, easy ways to eliminate all but a relatively few choices. 
And the situation will only become much worse as more Web sites 
appear, and as digital information is distributed in "objects" or 
"containers" providing enhanced security and privacy but possibly 

1 5 more difficult access and identifiability. 

As time passes, more and more valuable and desirable 
information will be available in digital containers. However, unless 
tools are developed to solve the problem, there will be no efficient or 
satisfying means to sort through the potentially trillions of digital 
20 containers available on tens of millions of Web pages, to find 
containers satisfying a search or fulfilling an information need. 
Furthermore, existing information searching mechanisms typically 
provide no way to readily perform a search that matches against 
underlying commercial requirements of providers and users. 



WO 99/24928 PCT/US98/23648 

11 

It Will Be Difficult to Find Rights Management 
Scenarios Matching Your Requirements 

If, for example, you have an auto repair newsletter and you 
want to create an article containing information on auto repair of Ford 
5 Bronco vehicles, you may wish to look for detailed, three 

dimensional, step-by-step "blow-up" mechanical images of Ford 
Bronco internal components. Perhaps these are available from 
hundreds of sources (including from private individuals using new, 
sophisticated rendering graphics programs, as well ( as from 

1 0 engineering graphics firms). Given the nature of your newsletter, you 
have decided that your use of such images should cost you no more 
than one penny to redistribute per copy in quantities of several 
thousand — this low cost being particularly important since you will 
have numerous other costs per issue for acquiring rights to other 

1 5 useful digital information products which you reuse and, for example, 
enhance in preparing a particular issue. You therefore wish to search 
and match against rights management rules associated with such 
products non-limiting examples of which include: 

• cost ceilings, 

20 • redistribution rights (e.g., limits on the quantity that may 

be redistributed), 

• modification rights, 

• class related usage rights, 

• category related usage rights, 



WO 99/24928 



PCT/US98/23648 



12 



sovereignty based licensing and taxation fees, 



import and export regulations, and 



reporting and/or privacy rights (you don't want to report 
back to the product provider the actual identity of your 



5 



end users and/or customers, 



If you can't match against your commercial requirements, you 
may be forced to waste enormous amounts of time sifting through all , 
of the available products matching Ford Bronco internal components - 
- or you may settle for a product that is far less than the best available 
1 0 (settling on the first adequate product that you review). 

Computers Don't Necessarily Make It Easier to Find 



Anyone who has ever used the Internet or the World Wide Web 
knows that networks, computers and electronics, when used together, 

15 do not necessarily make the overall task of finding information easier. 
In fact, computers can make the process seem much worse. Most 
Internet users will probably agree that trying to find things you are 
interested on the Internet can be a huge time drain. And the results 
can be very unsatisfactory. The rapid growth rate of information 

20 available on the Web is continually making this process of finding 
desired information even harder. You can spend many hours looking 
for information on a subject that interests you. In most cases, you 
will eventually find some information of value — but even using 
today's advanced computer search tools and on-line directories, it can 



Things 



WO 99/24928 PCT/US98/23648 

13 

take hours or days. With the advent of the technology advances 
developed by InterTrust Technologies Corp. and others, publishers 
will find it far more appealing to make their valuable digital ( , 
information assets available on-line and to allow extractions and 
5 modifications of copyrighted materials that will vastly expand the 
total number of information objects. This will enormously worsen the 
problem, as the availability of valuable information products greatly 
expands. . ,~ - 

It Is Usually Hard to Find Things On the Internet 

1 0 There are many reasons why it is difficult to find what you 

want on the Internet. One key reason is that, unlike a public library, 
for example, there is no universal system to classify or organize 
electronic information to provide information for matching with 
what's important to the person who is searching. Unlike a library, it 

15 is difficult on the Internet to efficiently browse over many items since 
the number of possible choices may be much larger than the number 
of books on a library shelves and since electronic classification 
systems typically do not provide much in the way of physical cues. 
For example, when browsing library shelves, the size of a book, the 

20 number of pictures in the book, or pictures on magazine covers may 
also help you find what you are interested in. Such physical cue 
information may be key to identifying desired selections from library 
resources. Unfortunately, most digital experiences typically do not 
provide such cues without actually loading and viewing the work in 

25 digital form. 



WO 99/24928 PCT/US98/23648 

14 

Thus, another reason why the electronic or digital world can 
make it even harder to find information than ever before has to do 
with the physical format of the information. The digital information 
may provide few or no outward cues or other physical characteristics 
5 that could help you to even find out what it is - let alone determine • 
whether or not you are interested in it, unless such cues are provided 
through special purpose informational (for example, graphical) 
displays. On the Internet, everyone can be an electronic publisher, 
and everyone can organize their offerings differently — using visual 

10 cues of their own distinctive design (e.g., location on a web page, 
organization by their own system for guiding choices). As one 
example, one publisher might use a special purpose graphical 
representation such as the video kiosk to support an electronic video 
store. Other publishers may use different graphical representations 

1 5 altogether. 

Historically, there has been no particular need for consistent 
selection standards in conventional, non-electronic store based 
businesses. Indeed, it is often the unique display and choice selection 
support for customers' decision processes that make the difference 

20 between a successful store and a failure. But in the electronic 

world— where your choice is not among a few stores but rather is a 
choice among potentially thousands or even millions of possibly 
useful web sites and truly vast numbers of digital containers the 
lack of a consistent system for describing commercially significant 

25 variables that in the "real" world may normally be provided by the 



WO 99/24928 PCT/US98/23648 

15 

display context and/or customized information guidance resource 
(catalog book, location of goods by size, etc.) seriously undermines 
the ability of digital information consumers to identify their n^QSt . 
desirable choices. 

•5 Adding to this absence of conventional cues, the enormity of. 

available choices made available in cyberspace means that the digital 
information revolution, in order to be practical, must provide 
profoundly more powerful tools to filter potentially desirable 
opportunities from the over abundance of choices. In sum, the 

1 0 absence of the ability to efficiently filter from a dimensionally 
growing array of choices, can completely undermine the value of 
having such a great array of choices. 

In the "real" world, commercial choices are based on going to 
the right "store" and using the overall arrays of available information 

15 to identify one's selection. However, as information in digital and 
electronic form becomes more and more important, the problem of 
relating to the vast stores of information will become a nightmare. 
For example, picture yourself in a store where each shopping aisle is 
miles long, and each item on the shelf is packaged in the same size 

20 and color container. In an actual store, the product manufacturers put 
their products into brightly colored and distinctively shaped packages 
to make sure the consumer can readily find and select their product. 
These visual cues distinguish, for example, between a house brand 



WO 99/24928 PCT/US98/23648 

16 

and a specific name brand, between low fat and regular foods, and 
between family size and small size containers. 

On the Internet, a digital "store" is likely to be many stores with 
vast resources integrating products from many parties. If you were 
5 limited to conventional classification and matching mechanisms, you 
would be unable to sift through all the material to identify the 
commercially acceptable, i.e., an item representing the right 
information, at the right price, providing license rights that match 
your interests. Certainly, if each digital package looks the same, you 
10 are at a loss in making reasonable decisions. You can't tell one from 
another just by looking at it. 

While information written on the "putside" of a digital package 
may be useful, you simply don't have the time to read all the 
packages, and anyway, each packager may use different words to 

1 5 describe the same thing and the descriptions may be difficult to 
understand. Some people may write a lot of information on the 
outside of their package, and others may write little or nothing on the 
outside of the package. If there is no universal system agreed upon 
by everyone for defining what information should be written on the 

20 outside of the package and how it should be formatted, using such a 
store would be painfully difficult even if you could limit the number 
of choices you were evaluating. 



WO 99/24928 PCT/US98/23648 

17 

There is a Need For Efficient and Effective Selection 
Based, at Least in Part, on Rights Management 
Information 

Unlike a real store where all breakfast cereals are shelved 
5 together and all soft drinks are in the same aisle, there may be no 
single, universal way to display the organization of all of the 
information in a "digital store" since, by its nature, digital information 
frequently has many implications and associated rules. For example, 
there now exist highly developed rights management systems such as 

10 described in U.S. Patent application Serial No. 08/388,107 of Ginter 
et al., filed 13 February 1995, for "Systems And Methods For Secure 
Transaction Management And Electronic Rights Protection (hereafter 
"Ginter et al") - the entire disclosure (including the drawings) of 
which is expressly incorporated into this application as if expressly 

1 5 set forth herein. Many rules associated with any given piece of digital 
information may, combinatorially, given rise to many, very different, 
commercial contexts that will influence the use decisions of different 
potential users in many different ways (e.g., cost, auditing, re-use, 
redistribution, regulatory requirements, etc.). 

20 No readily available systems developed for the digital 

information arena provide similarly satisfying means that describe the 
many commercial rules and parameters found in individual custom 
catalogs, merchandise displays, product specifications, and license 
agreements. Further, no readily available mechanisms allow 



WO 99/24928 PCT/US98/23648 

18' 

"surfing" across vast choice opportunities where electronic matching 
can single out those few preferred items. 

As one example, picking an appropriate image may involve any 
or all of the following: 
5 • price, 

• republishing (redistribution) rights, 

• rights to extract portions, . 

• certified usable in certain sovereignties (e.g., 
pornographic content not allowed in Saudi Arabia), 

10 • size, 

• format, etc., 

• use and reuse administrative requirements (e.g., which 
clearinghouses are acceptable to rightsholders, what is 
the requirement for reporting usage information - is the 

1 5 name of your customer required, or only the use class(es) 

or none — is advertising embedded), and 

• other features. 

No previously readily available technology allows one to 
efficiently make selections based on such criteria. 

20 By their nature, and using the present inventions in 

combination with, amongst other things, "Ginter et al", the packages 
in a digital store may be "virtual" in nature — that is, they may be all 



WO 99/24928 PCT/US98/23648 

19 

mixed up to create many, differing products that can be displayed to a 
prospective customer organized in many different ways. This display 
may be a "narrowcasting" to a customer based upon his matching 
priorities, available digital information resources (e.g., repository, 
5 property, etc.) and associated, available classification information. In 
the absence of an effective classification and matching system 
designed to handle such information, digital information of a . 
particular kind might be just about anywhere in the store, and very 
difficult to find since the organization of the stores' digital information 
1 0 resources have not been "dynamically" shaped to the matching 
interests of the potential customer. 

These Inventions Solve These Problems 

The present inventions can help to solve these problems. It can 
give you or help you to find the things you like, need or want. For 
1 5 example, it can deliver to you, (including narrowcasting to you), or 
help you to find: 

• things that match your interests; 

• things that match your lifestyle; 

• things that match your habits; 

20 • things that match your personality; 

• things you can afford and/or accept your preferred 
payment method; 

• things that help you in your work; 

• things that help you in your play; 



WO 99/24928 PCT/US98/23648 

• things that help you to help others; 

• things that other people who are similar to you have 
found helpful, 

• things that fulfill the commercial objective or 
5 requirements of your business activities; arid 

• things that will make you happy and fulfilled. 

The present inventions can expand your horizons by helping 
you to find interesting or important things, things that you enjoy, 1 
things that optimize your business efficiency, and things that help you 
1 0 make the best digital products or services you can — even if you 

didn't know precisely what or how to look for what you may need. It 
can also help you by allowing things you didn't know existed or 
know enough to look for - but that you may be interested in, want or 
need - to find you. 

15 The Present Inventions Can Use "Metaclasses" to 
Take Multiple Classifications Into Account 

In some areas, multiple classifications may already exist and 
thus it is important for a consumer to be able to find what he or she is 
looking for while taking into account not only that there may be 
20 multiple classifications, but also that some classifications may be 

more authoritative than others. For example, Consumer Reports may 
be more authoritative on certain topics than more casual reviews 
published, for example, in the local weekly newspapers. 



WO 99/24928 PCT/US98/23648 

21 

As another example, consider a book that rates restaurants 
according several factors, including, for example, quality, price, type 
of food, atmosphere, and location. In some locations there may.be . 
many guides, but they may review different sets of restaurants. One 
5 guide may rate a particular restaurant highly while one or more others 
may consider it average or even poor. Guides or other sources of 
ratings, opinions, evaluations, recommendations, and/or value may 
not be equally authoritative, accurate, and/or useful in differing 
circumstances. One consumer may consider a guide written by a 
1 0 particular renowned expert to be more authoritative, accurate, and/or 
useful than a guide reflecting consumer polls or ballots. However, 
another consumer may prefer the latter because the second consumer 
may perceive the tastes of those contributing opinions to be closer to 
his or her own tastes than those of the experts. 

1 5 In accordance with the present inventions, a person may be able 

to find a restaurant that meets specified criteria - for example, the 
highest quality, moderately priced Cantonese and/or Hunan Chinese 
food located in Boston or Atlanta - while weighting the results of the 
search in favor of reviews from travel books rather than from the local 

20 newspapers. As this example indicates, the searching may be 
according to class of authoritative source (and/or classes sources 
considered authoritative by the consumer) instead of weighting 
individual reviewers or sources. Thus in accordance with the present 
inventions, search may be performed at least in part based on classes 

25 of classes, or "metaclasses." 



WO 99/24928 PCT/US98/23648 

22' ' 

The Present Inventions Can Make Choices Easier 

One simple way to look at some examples of the present 
inventions is as a highly sensitive electronic "matchmaker" that 
matches people or organizations with their best choices, or even 

5 selects choices automatically. The present inventions can match 
people and/or organizations with things and/or services, things with 
other things and/or services, and/or even people with other people. 
For example; the matching can be based on profiles that are a ( 
composite of preference profiles of one or more specific users, one or 

10 more user groups, and/or organizations where the contribution of 
any given specific profile to the composite profile may be weighted 
according to the specific match circumstances such as the type and/or 
purpose of a given match activity. 

Figure 5 shows a simplified example of an electronic 
1 5 matchmaker that can match up two people with like interests. Sarah 
loves hiking, country and western music, gardening, movies and 
jogging. Mark loves movies, hiking, fast cars, country and western 
music, and baseball. The electronic matchmaker can look at the 
interests, personalities and/or other characteristics of these two people 
20 and determine that they are compatible and should be together — 
while maintaining, if desired, the confidentiality of personal 
information. That is, unlike conventional matchmaking services, the 
present inventions can keep personal information hidden from the 
service provider and all other parties and perform matching within a 



WO 99/24928 PCT/US98/23648 

23 

protected processing environment through the use of encryption and 
protected processing environment-based matching analysis. 

For example, certain matching of facts that are maintained for 
authenticity may be first performed to narrow the search universe. 
5 Then, certain other matching of facts that are maintained for secrecy 
can be performed. For example, matching might be based on shared 
concerns such as where two parties who have a given disability (such 
as cancer or HIV infection) that is certified by an authority such as a 
physician who is certified to perform such certification; or the same 

10 income level and/or bank account (as certified by an employer and/or 
financial authority such as a bank). Some or all of such secret 
information may or may not be released to matched parties, as they 
may have authorized and/or as may have been required by law when a 
match is achieved (which itself may be automatically managed within 

1 5 a protected processing environment through the use of controls 
contributed by a governmental authority). 

Figure 5A shows an electronic matchmaker that matches an 
electronic publisher with mystery stories for his quarterly electronic 
mystery anthology, where the matching is based on price, 
20 redistribution rights, editing rights, attribution requirements 

(attributing authorship to the author), third party rating of the writers 
quality, length of story, and/or the topical focus of the story (for 
example). Here, rule managed business requirements of publisher 
and writers are matched allowing for great efficiency in matching, 



WO 99/24928 PCT/US98/23648 

24' 

coordination of interests, and automation of electronic business 
processes and value chain activities. 

The convenience of the "electronic matchmaker" provided in 
accordance with the present inventions extends to commerce in 
5 physical goods as well — as illustrated in Figure 5b. In this non- 
limiting example, the electronic matchmaker is communicating to the 
consumer via the Internet and World Wide Web. The matchmaker 
has found the lowest quoted price for a Jeep sports utility model ' 
given, in this one example, a multitude of factors including: 
10 • model, 

color, 

options package, 
availability, and 

discounts resulting from the consumer's membership in 
15 certain classes (such as membership in the American 

Association of Retired Persons, membership in the 
American Automobile Association, and being a graduate 
of Stanford University). 

Membership in these associations and alumni status may be conveyed 
20 or indicated by possession of a special electronic document called a 
"digital certificate," "membership card," and/or other digital 
credential that warrants or attests to some fact or facts. 



WO 99/24928 PCT/US98/23648 

25 

Thus, the electronic matchmaker provided in accordance with 
these inventions can also match people with things. Figure 6 shows 
two people, Harry and Tim. Harry loves sports most of all, bi^t also • 
wants to know a little about what is going on in the business world. 
5 The business world is most important to Tim, but he likes to keep up 
with the baseball scores. The electronic matchmaker in accordance 
with these inventions can learn about what Harry and Tim each like, 
and can provide information to a publisher so the publisher can 
narrowcast a newspaper or other publication customized for each of 

1 0 them. A newspaper company can narrowcast to Harry lots of sports 
information in his newspaper, and it can narrowcast to Tim mostly 
business information in his newspaper. In another example, Harry's 
newspaper may be uniquely created for him, differing from all other 
customized newspapers that emphasize sports over business 

1 5 information. But information that Harry and Tim respectively want to 
maintain as authentic or secret can be managed as such. 

The electronic matchmaker can also match things with other 
things. Figure 7 shows how the electronic matchmaker can help a 
student put together a school project about big cats. The electronic 

20 matchmaker can help the student locate and select articles and other 
material about various kinds of big cats. The electronic matchmaker 
can, for example, determine that different articles about tigers, lions 
and cheetahs are all about big cats - but that articles about elephants 
and giraffes are not about big cats. If there is a charge for certain 

25 items, the electronic matchmaker can find only those items that the 



WO 99/24928 PCTAJS98/23648 

student can afford, and can make sure the student has the right to print 
pictures of the big cats. The electronic matchmaker can help the 
student to collect this information together so the student can make a 
colorful poster about big cats. 

5 The electronic matchmaker can match up all sorts of different 

kinds of things. Figure 8 shows the electronic matchmaker looking at 
three different objects. The matchmaker can determine that even 
though objects A and C are not identical, they are sufficiently similar ' 
that they should be grouped together for a certain purpose. The 
1 0 electronic matchmaker can determine that for this purpose, object B is 
too different and should not be grouped with objects A and C. For a 
different purpose, the electronic matchmaker may determine that 
objects A, B and C ought to be grouped together. 

The Present Inventions Can Make Use of Rights 
1 5 Management Information 

How does the electronic matchmaker find out the information it 
needs to match or classify people and things? In accordance with a 
feature provided by these inventions, the electronic matchmaker gets 
information about people and things by using automated, 
20 computerized processes. Those processes can use a special kind of 
information sometimes known as rights management information. 
Rights management information may include electronic rules and/or 
their consequences. The electronic matchmaker can also use 
information other than rights management information. 



WO 99/24928 PCT/US98/23648 

27 

An example of rights management information includes certain 
records about what a computer does and how it does it. In one .simple 
example, records may give permission to read a particular nevys. 
article if that the customer is willing to pay a nickel to purchase the 
5 article and that the nickel may be paid using a budget provided by a 
credit card company or with electronic cash. A customer might, for 
example, seek only news articles from providers that take electronic 
cash and/or process information with a certain information 
clearinghouse as described in U.S. Patent application Serial No. 

1 0 08/699,7 1 2 to Shear et al., filed 1 2 August 1 996, for "Trusted 

Infrastructure Support Systems, Methods And Techniques For Secure 
Electronic Commerce Electronic Transactions And Rights 
Management" (hereafter "Shear et al") - the entire disclosure 
(including the drawings) of which is expressly incorporated into this 

1 5 application as if expressly set forth herein. 

The Present Inventions Can Maintain Privacy 

Figure 9 shows one way in which the electronic matchmaker 
can get information about a person. In this example, the electronic 
matchmaker asks Jill to fill out a computer questionnaire about what 
20 she likes. The questionnaire can also ask Jill what information she 
wishes to be maintained as authentic, and what information (e.g., 
encrypted by the system) may be used for secure matching only 
within a protected processing environment and can not be released to 
another party, or only to certain specified parties. The questionnaire 



WO 99/24928 PCT/US98/23648 

28* 

answering process may be directly managed by a protected processing 
environment to ensure integrity and secrecy, as appropriate. 

For example, the questionnaire may ask Jill whether she likes 
baseball and whether she is interested in volcanoes. The electronic 
5 matchmaker can also ask Jill if it is okay to look at records her 

computer maintains about what she has used her computer, for in the 
past. These computer records (which the computer can maintain 
securely so that no one can get to them without Jill's permission) can ' 
keep a history of everything Jill has looked at using her computer 
1 0 over the past month and/or other time period - this process being 

managed, for example, through the use of a system such as described 
in the "Ginter et al." 

Looking at Figure 1 0, Jill may have used her computer last 
week to look at information about baseball, volcanoes and Jeeps. 

15 With Jill's permission, the electronic matchmaker can employ a 

protected processing environment 154 (schematically shown here as a 
tamper-resistant "chip" within the computer - but it can be hardware- 
based, software-based, or a combination of hardware and software) to 
look at the computer's history records and use them to help match Jill 

20 up with other kinds of things she is or may be interested in. For 

example, the electronic matchmaker can let an electronic publisher or 
other provider or information gatherer (e.g., market survey conductor, 
etc.) know that Jill is interested in team sports, geology and sports 
utility vehicles with or without more revealing detail — as managed 



WO 99/24928 PCT/US98/23648 

29 

by Jill's choices and/or rights management rules and controls 
executing in her computer's protected processing environment. 154. 
The provider can send information to Jill - either automatically .or at* 
Jill's request - about other, related things that Jill may be interested 
5 in. 

Figure 1 1 shows an example of how rights management and 
other information JilPs computer maintains about her past usage can 
be useful in matching Jill up with things she may need or want. The 
computer history records can, for example, show that Jill looked at 
1 0 hockey information for three hours and football information for five 
hours during the past week. They can indicate that Jill uses a 
Discover credit card to pay for things, usually spends less that $10 per 
item, averages $40 per month in such expenses, and almost never 
buys new programs for her computer. 

1 5 The electronic matchmaker can, with and subject to Jill's 

permission, look at and analyze this information. As one example, 
the electronic matchmaker can analyze relevant rules and controls 
provided by third parties who have rights in such information — 
where such rules are controlled, for example, by Jill's computer's 

20 protected processing environment 154. It can also look at and 

analyze Jill's response to computer questionnaires indicating that she 
likes baseball and football. The electronic matchmaker can, based on 
all of this information, automatically select and obtain videos and/or 
other publications for Jill about team sports and that cost less than 



WO 99/24928 PCT/US98/23648 

30 

$10 and that accept payment using a Discover card, so that Jill can 
preview and select those in which she may have a particular interest 
and desire to acquire. 

Figure 12 shows that the electronic'matchmaker can take into 
5 account computer history records for lots of different people. The 
electronic matchmaker can work with other rights management 
related computer systems such as "usage clearinghouses 1 ' (non- 
limiting examples of which are described.in each of "Ginter et al" and' 
"Shear et al") to efficiently collect rights management related 
10 information. The ability to collect history records from many 

different people can be very useful. For example, this can allow the 
electronic matchmaker to distinguish between things that are very 
popular and things that are not so popular. 

The present inventions provide great increases in efficiency and 
1 5 convenience. It can save you a lot of time and effort. It can allow 
computers to do a lot of the work so you don't have to. It can allow 
you to compete with larger businesses — and allow large business to 
function more efficiently « by allowing the location of resources 
particularly appropriate for certain business activities. You can 
20 delegate certain complex tasks to a computer, freeing you to be more 
productive and satisfied with electronic activities. These automated 
processes can be "smart" without being intrusive. For example, they 
can learn about your behavior, preferences, changing interests, and 
even your personality, and can then predict your future interests based 



WO 99/24928 PCT/US98/23648 

31 

on your past behavior and interest expressions. These processes can 
ensure confidentiality and privacy - so that no one can find out 
detailed information about you without your consent. Across the full 
range of personal and business activities, the present inventions allow 
5 a degree of basic efficiency, including automation and optimization of 
previously very time consuming activities, so that interests and 
possible resources are truly best matched. 

The present inventions handle many kinds of important issues 
and addresses the widest range of information and rights and 
10 automation possibilities. For example, the present inventions are 
capable of handling (but are not limited to): 

• consumer information; 

• computer information; 

• business information; 

1 5 • entertainment information; 

• other content information; 

• information about physical products; 

• all other kinds of information. 

It can reflect and employ all kinds of rights to optimize 
20 matching processes, including: 

• content rights; 

• privacy rights; 

• governmental and societal rights; 

• provider rights; 



WO 99/24928 PCI7US98/23648 

32 ' 

• distributor rights; 

• consumer rights; 

• workflow rights; 

• other value chain participant rights; 
5 • work flow rights; 

• business and personal rights and processes of all 
kinds. 

It can employ alf kinds of parameter information, including: 

• budget, 
10 • pricing 

• redistribution 

• location (of party, item, etc.) 

• privacy 

• identity authenticity and/or specificity 
1 5 • any other parameter information. 

Pricing (for example the price of a specific item) can be used in 
matching based upon price per unit and/ or total price for a volume 
purchase, price for renting, right to redistribute, cost for redistributing 
items, etc. 

20 Privacy can be used for establishing matching contingent upon 

usage reporting requirements for viewing, printing, extracting, 
dedistributing, listening, payment and/or requiring the reporting of 



WO 99/24928 PCT/US98/23648 

.33* 

other information such as personal demographics such as credit 
worthiness, stored value information, age, sex, marital status, race, 
religion, and/or usage based generated profiling information based 
materially upon, for example, a users history of usage of electronic 
5 content and/or commercial transactions, etc. 

Identity can be used for matching based upon, for example, 
such as the presence of one or more specific, class, and/or classes of 
certificates, including, for example, specific participant and/or group 
of participant, including value chain certificates as described in 
10 "Shear etal". 

With the inventions described herein, commercial requirement 
attributes embodied in rules (controls and control parameter data) are 
employed in classification structures that are referenced by search 
mechanisms, either, for example, directly through reading rule 

1 5 information maintained in readable (not encrypted) but authentic 
(protected for integrity) form, through reading rule information 
maintained securely, through processes employing a protected 
processing environment 1 54 of a VDE node, and/or through the 
creation of one or more indexes and/or like purpose structures, that, 

20 directly, and/or through processes employing a protected processing 
environment 154, automatically compile commercial and other 
relevant (e.g., societal regulatory information such as a given 
jurisdiction's copyright, content access and/or taxation regulations) 
for classification/matching purposes. 



WO 99/24928 PCT/US98/23648 

34 

The present inventions can employ computer and 
communication capabilities to identify information, including:. 

• topical classification such as described by conventional* 
library classification systems, 

5 • commercial characterizations — including commercial 

parameter data such as pricing, size, quality, specific 
redistribution rights, etc., 

• creator (e.g., a publisher or manufacturer), distributor, 
societal, user, and other participant interests information, 

1 0 • information generated by automated profiling of any and 

all of such parties or collections of parties, 

• matching (including electronically negotiating a match) 
between the interests of any of such parties, 

• where appropriate, the use of statistical procedures, 
15 expert systems, and artificial intelligence tools for 

profiling creation and/or analysis, matching, and/or 
negotiation. 

The present inventions thus provide for optimal user, provider, 
and societal use of electronic cyberspace resources (for example, 
20 digital information objects available across the Internet, sent by direct 
broadcast satellite, transmitted over a cable TV system, and/or 
distributed on optical disk). 



WO 99/24928 PCT/US98/23648 

35' 

Of particular importance is the notion of classes of content, 
classes of users, and classes of providers. For example, the present 
inventions can make use of any/all of the following: 

• topical identification, for example, such as 

5 information represented in typical library subject 

and/or author and/br catalog and/or keyword search 
and retrieval information systems; 

• any commercial requirements, associated with the use ( 
of electronic information (and/or to products, 

1 0 including non-electronic products, and/or to any 

service), including information embodied in 
encrypted rules (controls and/or parameter data) 
governing rights in electronic value chain and 
electronic interaction contexts, and further including 

1 5 information guaranteed for integrity; 

• any information descriptive of an available resource 
(which may include any information, product, and/or 
service, whether available in electronic and/or 
physical forms) such as: the quality of a digital 

20 product as evaluated and ranked and/or otherwise 

specified by one or more third parties and/or 
independent third parties (e.g., Consumer Reports, a 
trusted friend, and/or a professional advisor), the size 
of a product, length in time in business of a service or 

25 in the market of a product, a product's or service's 



PCT/US98/23648 

36 

market share, and/or subject governmentally and/or 
other societally imposed rules and/or integrity, 
guaranteed descriptions, including any associated • 
regulatory requirements, such as societal 
requirements granting and/or reporting access to 

# 

information, for example, information on how to 
create a nuclear bomb to a confidential government 
_ auditing agency (thisallowing free access to 
information while protecting societal rights); 
any information descriptive of a user and/or 
department and/or organization and/or class of users 
and/or departments and/or organizations (including, 
for example, such descriptive information encrypted 
and/or guaranteed for integrity) wherein such 
information may include, for example, name, physical 
and/or network and/or cyber-wide logical network 
location, organizational and/or departmental 
memberships, demographic information, credit and/or 
trustworthiness information, and profile preference 
and usage history information, including any 
generated profile information reflecting underlying 
preferences, and/or classes based on said descriptive 
information and/or profiles. 



WO 99/24928 PCT/US98/23648 

37 '■■ ' 

Some Of The Advantageous Features And 
Characteristics Provided By The Present Inventions 

The classification, matching, narrowcasting, analysis, profiling, 
negotiation, and selection capabilities of the present inventions 
5 include the following capabilities (listed items are, not mutually 
exclusive of each other but exemplary samples): 

• Enables highly efficient provision of classes of 
information, entertainment, and/or services to classes 

i 

of individuals and/or entities, that have (and/or may 
] 0 obtain) the right(s) to such information and are likely 

to find identified information interesting, useful, 
and/or entertaining., 

• The present inventions also provide systems and 
methods for efficiently determining class hierarchies, 

1 5 classification schemes, categories, and/or category 

schemes and/or the assignment of objects, persons 
and/or things to said class hierarchies, classification 
schemes, categories, and/or category schemes using at 
least some rights management information. 

20 • Helps systems, groups, and/or individuals classify, 

locate, and/or obtain specific information and/or 
classes of information made available through so- 
called "publish and subscribe" systems and methods 
using, among other things, subject-based addressing 

25 and/or messaging-based protocol layers. 



PCT/US98/23648 

38 

Provides fundamentally important commercial and 
societal rules based filtering to identify desired 
electronic information and/or electronic information, 
containers through the use of classification structures, 
profiling technology, and matching mechanisms that 
harness the vast information opportunities in 
cyberspace by matching the information needs of 
users against commercial and/or societal rules related 
to the use of available information resources, 
including, for example, commercial and/or societal 
consequences of digital information use imposed as 
provider requirements and specified through the use 
of, and enforced by the use of, a trusted rights 
management system such as described in "Ginter et 
al". 

Enables content creators and/or distributors to 
efficiently "stock the shelves" of retail electronic 
content outlets and similar merchanisers (both 
electronic and hard goods) with products and/or 
services most likely to be purchased and/or used by 
the customers of such merchanisers. This includes 
both identifying and "stocking" the most desirable 
products and/or other user desired resources and 
optimally presenting such products and/or other 



PCT/US98/23648 

39 

resources in a manner optimized for specific users 
and/or user classes. 

Matching may be based on history of matching, that 
is, matching derived at least in part from previous 
matching, one non-exhaustive example of which 
includes learned matching for increasing efficiency. 
Enables matching for value chains where the 
matching. is against-a plurality of co-participating 
value chain parties requirements and/or profiles 
against match opportunities, and/or matching by 
matches comprised of match input and/or aggregation 
of match rule sets of providers used to "dock" with 
one or more user needs, interests, requirements match 
sets. 

Helps match persons and/or things using fuzzy 

matching, artificial intelligence (e.g., expert systems), 

and other methods that that match using plural match 

sets from providers and/or receivers. 

Makes search easier by using smart agents that match 

at least in part using at least one class. 

Helps bring buyers and sellers together through cross 

matching, where both parties offer to provide and/or 

receive content and/or physical goods for 

consideration, including barter matching and 

negotiated barter and other kinds of matching. 



PCT/US98/23648 

40 

Helps potential customers find those members (e.g., 
objects such as digital information containers) of any 
one or more classes of content most useful, 
entertaining, and/or interesting to them. 
Facilitates organizations securely and efficiently 
acquiring and distributing for internal use certain 
classes of content available from external providers 
and/onmore securely and/or efficiently managing 
classes of their own content,, including being able to 
authorize certain classes of employees to use 
specified classes of internal and/or external content. 
Efficiently supporting matching between users and 
digital information where participants in a chain of 
handling and control have specified rules and usage 
consequences for such digital information that may 
depend on class membership, for example, on 
class(es) of content and/or class(es) of value chain 
participants and/or classes of electronic events, 
wherein such participants include, for example, users 
and/or participants contributing rules and 
consequences. 

Enables first individuals and/or organzations to locate 
efficiently other individuals, organizations, products, 
and/or services who have certain characteristics that 
corresponds to such first individuals 5 and/or 



PCT/US98/23648 

41' ' 

organizations' interests, including interests generated 
by profiling information locally gathered through 
local event auditing at a VDE installation. 
Facilitates businesses informing a customer about 
things of special interest to her or him, such as classes 
of goods, services, and/or content, including directing 
such information to a customer at least in part based 
on profiling information-locally gathered at a VDE 
installation through local event auditing at a VDE 
installation. 

Allows trading companies to match suppliers of 
certain classes of goods and/or services with those 
who desire to purchase and/or use those classes of 
goods and/or services, wherein such matches may 
include fulling a commercial business interaction and 
may further include one or more sequences of 
matches and/or nested matches (a sequence and/or 
grouping of matches within a given organization or 
group, wherein such matches may be required to 
occur in a certain order and/or participate along with 
other matches in a group of matches before a given 
match is fulfilled). 

Enhances equity portfolio management by making 
easier for traders to identify those equities having 
certain desired characteristics, such as belonging to 



PCT/US98/23648 

42 

the class of equities that will have the greatest 
positive effect on the value of the trader's portfolio 
given certain classes of information and assumptions. 
Such matches may take into account information 
external to the fulfilment of a given trade, for 
example, one or more certain other market or specific 
variable thresholds must be met before an equity is 
traded^ such. as a certain rise in the an index stock 
value of, and/or revenue of, certain one or more 
network hardware suppliers before a certain quantity 
of equity is purchased at a certain price for stock of a 
certain network hardware supplier raw network 
component manufacturer, and wherein, for example, 
such determinations can be performed highly 
efficiently at a user VDE installation as the point of 
control, where such node receives such trusted 
information in, for example, VDE containers, as is 
necessary for a control decision to occur to purchase 
such equity of such network hardware supplier raw 
component manufacturer. 

Makes easier automated foreign currency exchange 
by enabling currency traders to identify members of 
the class of possible trades and/or conversions that are 
likely to produce the best returns and/or minimize 
losses. 



PCT/US98/23648 

43' ' 

Helps consumers and organizations manage their 
affairs more efficiently and effectively and helps 
providers of services by automatically matching users 
with services that meet certain specified criteria, such 
as, for example, U. S. and Swiss banks offering the • 
highest interest rates on certain time based classes of 
bank deposit instruments. 

Enables distributers of software and other content to 
identify one or more classes of users who are most 
likely to be interested in purchasing or otherwise 
using certain classes of software. 
Enables rightsholders to employ rules and/or usage 
consequences dependent on membership in one or 
more classes where class membership may be 
indicated by posession of a special digital document 
called a "certificate." 

Enables rightsholders to employ rules and/or usage 
consequences at least partially dependent on roles and 
responsibilities within an organization, where those 
roles and responsibilities may be indicated by 
posession of a digital certificate, digital membeship 
card, and/or other digital credential. 
Facilitates more efficient automation of 
manufacturing and other workflow processes by, for 
example, matching certain manufacturing steps and/or 



PCT/US98/23648 

44 

processes with performance parameter data associated 
with available classes of equipment capable of 
performing those steps and/or processes. 
Makes easier the administration and enforcement of 
government and/or societal rights by, for example, 
providing matching means for automatically applying 
certain classes of tax rules to appropriate classes of 
sales and otherJxansactions. 
Enables altering the presentation of information 
and/or other content depending on the matching 
between preferences of the user and one or more 
classes of content being presented. 
Enables processing or altering (narrowcasting) of an 
event (e.g., the presentation of information and/or 
other content), for example, dynamically adjusting the 
content of an event, in response to a matching among 
the preferences and/or reactions of a user and/or user 
group, one or more classes of content being processed 
through one or more events, one or more classes of 
one or more users participating in and/or otherwise 
employing the one or more events, and/or event 
controls (i.e., rules and/or parameter data). 
Allows the rules and usage consequences and the 
presentation of information to vary according to the 
difficulty of the information, including, for example, 



PCT/US98/23648 

45'-' • 

i ( 

adjusting the difficulty of an electronic game so that it 
is neither too frustratingly difficult nor too easy to 
use. 

Enables a user to efficiently locate content in one or 
more particular classes, where class is defined at least' 
in part by weighted topical classification, where, for 
example, a document or other object is classified in 
one or more categories where at least one category 

i 

reflects the absolute or relative attention given to that 
class in the object being classified. 
Facilitates users' creation of a new document from 
parts of two or more documents, where at least one of 
such parts is identified and/or retrieved based upon 
matching the part's membership in one or more 
classes identified by trusted, commercial controls 
employed through the use of a rights management 
system. 

Enables users to search for, locate, and use only those 
parts of a document that belong to one or more 
specified classes, including those parts having certain 
commercial controls, for example, reflecting 
acceptable usage restrictions and/or pricing. 
Enhances search and retrieval by creating new classes 
of content discriptors that incorporate various 



WO 99/24928 PCTAJS98/23648 

46 

dispirate standards for content description and/or 
location. 

• Allows consumers to easily locate services having . 
certain specified characteristics, for example, 

5 gambling services offering the most favorable odds 

and/or specified rules for a particular game or games. 

• Helps consumers obtain certain classes of tickets to 
certain classes-of events. 

The above capabilities, and others described in this application, 
1 0 are often ideally managed by distributed commerce nodes of a 
distributed, rights management environment embedded in or 
otherwise connected to the operating system clients of a distributed 
computing environment such as described in "Ginter et al" and . 
further described in "Shear et al", and employing, for example, rules, 
15 integrity management, container, negotiation, clearinghouse services, 
and trusted processing capabilities described in "Ginter et al" and 
"Shear et al". 



The Present Inventions Make Use Of Many Kinds Of 
20 Information And/Or Data 

As discussed above, these inventions provide, among other 
things, matching, classification, narrowcasting, and/or selection based 
on rights management and other information. In particular preferred 
examples, these matching, classification, narrowcasting, and/or 



WO 99/24928 



PCT/US98/23648 



selection processes and/or techniques may be based at least in part on 
rights management information; The rights management information 
may be an input to the process, it may be an output from the process, 
and/or the process can be controlled at least in part by rights 
5 management information. Information in additionto, or other than, . 
rights management information may also be an input, an output, 
and/or a basis for controlling, the process and/or techniques. 

Rights management information may be directly or indirectly • 
inputted to the matching, classification and/or selection process. For 

10 example, rights management controls, rules and/or their consequences 
may be an input. Examples of such controls and/or rules include 
object registration related control set data, user related control set data 
and/or computer related control set data. In addition or alternatively, 
information provided based on control sets or rules and their 

1 5 consequences may be inputted. The following are examples of such 
information that may be provided based, for example, on rules and 
consequences: 

• information exhaust; 

• user questionnaires, 

20 • audit trail related information; 

• aggregated usage data; 

• information measuring or otherwise related to user 
behavior; 

• information measuring or otherwise related to user 
25 preferences; 



PCT/US98/23648 

48 

information measuring or otherwise related to user 
personality; 

information measuring or otherwise related to group , 
behavior; 

information measuring or otherwise related to group 
preferences; 

information measuring or otherwise related to group 

culture . . 

information measuring or otherwise related to 

organizational behavior; 

information measuring or otherwise related to 

organizational preferences; 

information measuring or otherwise related to 

organizational culture; 

information measuring or otherwise related to 
institutional behavior; 

information measuring or otherwise related to 
institutional preferences; 
information measuring or otherwise related to 
institutional culture; 

information measuring or otherwise related to 
governmental behavior; 
information measuring or otherwise related to 
governmental preferences; 



WO 99/24928 PCT/US98/23648 

49 ' 

• information measuring or otherwise related to 
governmental culture; 

• information measuring or otherwise related to societal 
behavior; 

5 • information measuring or otherwise related to societal- 

preferences; 

• information measuring or otherwise related to societal 
culture; . ■ . 

• object history related information; 
1 0 • other types of information; 

• any combinations of information including, some, all 
or none of the information set forth above. 

The processes, techniques and/or systems provided in 
accordance with these inventions may output rights management 
1 5 related information such as, for example: 

• one or more control sets; 

• various rules and/or consequences; 

• information used by control sets; 

• certificates; 

20 • other rights management information. 

In accordance with various preferred embodiments provided by 
these inventions, information other than rights management 
information may also be used, at least in part, as an input, output 
and/or to control the matching, classification, narrowcasting, and/or 



WO 99/24928 



PCT/US98/23648 



50 



selection processes, systems and/or techniques. Examples of such 
information include: 

• content object information; 
full text 

portions of objects 
portions of sub-objects 
abstracts 
metadata 

other content object related information 
] 0 • user information 

census information 
purchasing habits 

credit and financial transaction related 
information 

1 5 • governmental records 

responses to questionnaires 
survey results 
other user information 

• computer related information 
20 • identification information 

configuration information 
other computer related information 

• combinations of information. 



WO 99/24928 PCT/US98/23648 

si'" 

Matching/Classifying/Selection 

Systems, methods and techniques provided in accordance with . 
these inventions can classify a variety of types of things including, for 
example: 
5 • people 

• computers 

• content 

• events- , 

• transactions 

10 • objects of all types 

• combinations of things; 

• combinations of people and things. 

The matching, classifying and/or selecting processes provided 
in accordance with these inventions are very flexible and useful. For 

1 5 example, they may be used to associate people with information, 
information with other information, people with other people, 
appliances with people, appliances with information, and appliances 
with other appliances. The present inventions in their preferred 
examples can associate any kind of information, object or thing with 

20 any other kind of information, object or thing. 

Different Associations Between Classes and Rights 

The processes, systems and/or techniques provided in 
accordance with these inventions can provide and/or take into account 
many different kinds of associations between classes and rights. For 



WO 99/24928 PCT/US98/23648 

52 

example, they can look at what rights are available to a user, 
computer, data structure or any other object. They can also look to 
rights selected by an object (for example, the subset of rights ^ user . 
has chosen or otherwise identified). Alternatively or in addition, they 
5 can look to rights that have been exercised by a user or in conjunction 
with an object or other thing, and they can look to the consequences 
of exercising such a right(s). 

Embodiments in Accordance With the Present 
Inventions Can Be Used to Define Classes Based on Uni- 
1 0 Dimensional and/or Multi-Dimensional Attributes and/or 
Characteristics 

Example processes, systems and/or techniques provided in 
accordance with these inventions can be used to define classes based 
on uni-dimensional and/or multi-dimensional attributes and/or * 

1 5 characteristics. Any one or more attributes can be used. The 

attributes and/or characteristics can be flexibly defined. They may 
define groups or classes containing elements sharing certain attributes 
in common. There can, for example, be a spectrum of classification 
that takes into account gray areas as to whether a particular person or 

20 thing possesses a certain one or a number of particular attributes 

and/or characteristics. Or classification may have a higher degree of 
certainty or definition. For example, a process can test to determine 
whether particular people or things are inside or outside of particular 
classes or groups based on one or a number of attributes or 

25 characteristics (for example, whether you live in Denver, are under 
the age of 25 and are single). In accordance with additional specific 



WO 99/24928 PCT/US98/23648 

53 ' * 

features provided by these inventions, there may be a minimum 
number of different classes set up to "cover" a particular situation - 
with every person or thing either being within or outside of a given, 
disjoint class or group. 

5 Preferred Examples In Accordance \yith The Present 
Inventions Are Extensible to Accommodate Changing 
Conditions 

The systems, methods and/or techniques provided by these 

i 

inventions are extensible to accommodate changing conditions. For 
10 example, they can be made to readily adapt to changes in rules, 

consequences, topics, areas and/or subjects pertaining to groups such 
as, for example categories, and any other variable. Furthermore, 
partially and/or entirely new variables may be introduced to one or 
more existing sets of variables — for example, to extend or otherwise 
1 5 modify a model to account for additional variables, to apply a new 
strategy, to adapt to new network and/or installation circumstances, to 
adapt to new user factors, to change analysis and/or other processing 
characteristics, and so on. 

Preferred Examples In Accordance With The Present 
20 Inventions Are Compatible With Pre-Existing or Any 
New Classification Techniques or Arrangements 

The example systems, methods and/or techniques provided by 
these inventions can be made fully compatible with any classification 
and/or categorization means, method, process, system, technique, 
25 algorithm, program, and/or procedure, presently known or unknown, 



WO 99/24928 PCT/US98/23648 

54 

i 

for determining class and/or category structures, definitions, and/or 
hierarchies, and/or the assignment of at least one object, person, 
thing, and/or member to at least one class and/or category, that . 
without limitation may be: 
5 • implemented by computer and/or other means; and/or 

• based upon discrete and/or continous mathematics; 
and/or 

• using nominal, ordinal, interval, ratio and/or any other 
measurement scale and/or measurement mode; and/or 

1 0 • including parameter data; and/or 

• entail linear and/or non-linear estimation methods; 
and/or 

• any other methods. 

For example, classification can be performed using any or all of 
15 the following example classification techniques: 

• Statistical techniques that identify one or more 
clusters of cases sharing similar profiles and/or 
features, including any of the family of cluster 
analysis methods, for example, those described in 

20 Hartigan (Hartigan, J. A., Clustering Algorithms, 

New York: Wiley, 1975); 

• Methods for numerical taxonomy, for example, as 
described, for example, by Sneath and Sokal(Sneath, 
Peter H.A. and Robert R. Sokal, Numerical 



PCT/US98/23648 

Taxonomy: The Principals and Practice of Numerical 
Classification, San Francisco: W.H. Freeman, 1973); 
Any of the methods for cluster analysis, factor 
analysis, components analysis, and other similar data 
reduction/classifiction methods, for example, those 1 
implemented in popular statistical and data analysis 
systems known to those skilled in the arts, for 
example, SAS~and/or SPSS; 
Pattern classification techniques, including 
components analysis and neural approaches, for 
example, those described by, for example, Schurmann 
(Schurmann, Jurgen, Pattern Classification: A Unified 
View of Statistical and Neural Approaches, New 
York: John Wiley & Sons, 1966); 
Statistical techniques that identify one or more 
underlying dimensions of qualities, traits, features, 
characteristics, etc., and assign parameter data 
indicating the extent to which a given case has, 
possesses, and/or may be characterized by the 
underlying dimension, factor, class, etc. and/or result 
in the definition of at least one class and/or the 
assignment of at least one case to at least one class, 
for example, as described by Harman (Harman, Harry 
H., Modern Factor Analysis, 3 rd ed. rev., Chicago: 
University of Chicago Press), and/or as implemented 



PCT/US98/23648 

56 

by SAS and/or SPSS and/or other statistical analysis 
programs. 

Statistical methods that employ fuzzy logic qnd/or * 
fuzzy measurement and/or whose assignment to at 
least one class entails probabilities different from 1 or 
zero. 

Baysian statistical classification techniques that use 
estimates of prior probabilities in determining class 
definitions and/or the assignment of at least one case 
to at least one class; 

Any statistical and/or graphical classification and/or 
data reduction method that uses rotation of reference 
axes, regardless of whether orthogonal or oblique 
rotations are used, for example, as described in 
Harman, and as implemented in SAS and/or SPSS 
and/or other statistical programs; 
Statistical methods for two and three way 
multidimensional scaling, for example, the methods 
described by Kruskal and Wish (Krusgal Joseph B. 
and Myron Wish, Multidimensional Scaling, Beverly 
Hills, CA: Sage Publications, 1978), and/or by 
Shepard, et al. (Shepard, Roger N., A. Kimball 
Romney, and Sara Beth Nerlove, Multidimensional 
Scaling: Theory and Applications in the Behavioral 
Sciences, New York: Seminar Press, 1972); 



WO 99/24928 PCT/US98/23648 

57" 

• Knowedge based approaches to classification, for 
example, as described by, for example, Stefik (Stefik, , 
Mark, "Introduction to Knowledge Systems," San 
Francisco: Morgan Kauffpian, 1995); and 
5 • any other classification techniques or arrangements ' 

pre-existing or yet to be developed. 

Preferred Examples In Accordance With The Present 
Inventions Are Fully Compatible With A Wide Array , 
of Technologies Including the Distributed Commerce 
10 Utility System and the Virtual Distribution 
Environment 

Systems, methods and/or techniques provided in accordance 
with these inventions build upon and can work with the arrangements 
disclosed in "Ginter et al"; "Shear et al"; and other technology related 
15 to transaction and/or rights management, security, privacy and/or 
electronic commerce. 

For example, the present inventions can make particular use of 
the security, efficiency, privacy, and other features and advantages 
provided by the Virtual Distribution Environment described in 
20 "Ginter et al". 

As another example, a matching and classification arrangement 
can be constructed as a distributed commerce utility system as 
described in "Shear et al". The present inventions can work with 
other distributed commerce utility systems, and can enhance or be a 
25 part of other commerce utility systems. 



WO 99/24928 PCT/US98/23648 

58 

By way of non-exhaustive, more specific examples, the present 
inventions can be used in combination with (and/or make use of) any 
or all of the following broad array of electronic commerce 
technologies that enable secure, distributed, peer-to-peer electronic 
5 rights, event, and/or transaction management capabilities: 

• a "VDE" ("virtual distribution environment") providing, 
for example, a family of technologies by which . 
applications can be created, modified, and/or reused; 

• a standardized control and container environment which 
10 facilitates interoperability of electronic appliances and 

efficient creation of electronic commerce applications 
and models; 

• a programmable, secure electronic transaction 
management foundation having reusable and extensible 

15 executable components; 

• seamless integration into host operating environments of 
electronic appliances or direct employment of such 
technologies in electronic commerce applications; 

• cyberspace digital content rights and transaction 

20 management control systems that may operate in whole 

or in part over Internets, Intranets, optical media and/or 
over other digital communications media; 

• support of an electronic "world" within which most 
forms of electronic transaction such as content usage, 



PCT/US98/23648 

59 ' 

distribution, auditing, reporting, and payment activities 
can be managed; 

Transaction Operating Systems (operating systems that 
have integrated secure, distributed, and programmable 
transaction and/or event management capabilities); 

Rights Operating Systems (operating systems that have 
integrated, distributed, and programmable rights 
management capabilities); ., 

secure content container management; 

clearinghouse functions related to content usage; 

overall electronic commerce architectures that provide 
electronic commerce automation through the use of 
secure, distributed digital events management; 

the general enablement of traditional commerce behavior 
in the digital commerce world; 

enhanced inherent, distributed efficiencies of 
conventional commerce practices with powerful, reliable 
electronic security, and with the programmability and 
electronic automation efficiencies made possible by 
modern computing; 

trusted operation of a freely configurable, highly 
efficient, general purpose digital marketplace in which 



PCT/US98/23648 

60 

parties "come together" to establish commercial 
relationships; 

support of "real" commerce in an electronic form* (that is, 
the progressive creation of commercial relationships that 
form, over time, a network of interrelated agreements 
representing a value chain business model); 

enabling content control information to develop through 
the interaction of (and/or negotiation between) securely 
created and independently submitted sets of content 
and/or appliance control information; 

interconnection of appliances providing a foundation for 
much greater electronic interaction and the evolution of 
electronic commerce; 

a variety of capabilities for implementing an electronic 
commerce environment; 

a neutral, general purpose platform for commerce; 

an architecture that avoids reflecting specific distribution 
biases, administrative and control perspectives, and 
content types; 

a broad-spectrum, fundamentally configurable and 
portable, electronic transaction control, distributing, 
usage, auditing, reporting, and payment operating 
environment; 



PCT/US98/23648 

61' • 

systems and methods that uniquely enable electronic 
commerce participants to protect their interests during 
the sequence of activities' c6mprising an electronic 
commerce model; 

ability of commerce participants to assure protection by ' 
specifying rules and controls that monitor and enforce 
their interests during the processing of remote commerce 
events; 

permitting commerce participants to efficiently 
participate in, and manage, the distributed electronic 
activities of a digital value chain; 

allowing commerce model participants to, for example, 
securely and cooperatively govern and automate the 
distributed electronic activities comprising their 
collective electronic business models; 

allowing commerce model participants to securely 
contribute electronic rules and controls that represent 
their "electronic" interests; 

rules and controls that extend a "Virtual Presence™" 
through which the commerce participants govern remote 
value chain activities according to their respective, 
mutually agreed to rights; 



PCT/US98/23648 

62 

a Virtual Presence taking the form of participant 
specified electronic conditions (rules and controls) that 
must be satisfied before an electronic event may occur; , 

rules and controls that enforce the party's rights during 
"downstream" electronic commerce activities; 

control information delivered by, and/or otherwise 
available for use with, the VDE content containers 
constituting one or more "proposed" electronic 
agreements which manage the use and/or consequences 
of the use of such content and which can enact the terms 
and conditions of agreements involving multiple parties 
and their various rights and obligations; 

rules and controls from multiple parties forming 
aggregate control sets ("Cooperative Virtual 
Presence™") that ensure that electronic commerce 
activities will be consistent with the agreements amongst 
value chain participants; 

control sets defining the conditions which govern 
interaction with protected digital content (disseminated 
digital content, appliance control information, etc.); 

conditions used to control not only digital information 
use itself, but also the consequences of such use to 
protect the individual interests of commerce participants 



PCT/US98/23648 

63' 

and form cooperative, efficient, and flexible electronic 
commerce business models;' 

true, efficient electronic cooperative governance of value 
chain activities; 

empowering each commerce model. participant to 
securely deliver, and persistently maintain control over, 
the rules and controls they contributed specifying 
constraints on, and consequences of, electronic conduct; ■ 

extending Cooperative Virtual Presence over time and 
involving the execution of controls, and the use of 
content, at physically dispersed locations, such as 
Internet user sites; 

a chain of handling and control in which dispersed 
locations are bound together through the use of secure 
communication techniques and unique, secure digital 
container technology; 

ability to preserve the rights of parties through a series of 
transactions which may occur at different times and 
different locations; 

extending the ability of electronic content providers to 
control the use of proprietary information; 

allowing content providers to limit use to authorized 
activities and amounts; 



PCT/US98/23648 

64 

allowing participants (e.g., actors, directors, script and 
other writers, musicians, studios, publishers, distributors, 
retailers, advertisers, credit card services, content end- . 
users, and others) involved in a business model to have 
the ability to embody their range of agreements and 
requirements, including use limitations, into an . 
"extended" agreement comprising an overall electronic 
business model; 

representing such an extended agreement by electronic 
content control information which can automatically 
enforce agreed upon rights and obligations; 

a competitive, general purpose electronic commerce 
architecture supporting the distributed, secure 
"unmanned" electronic interaction; 

distributing such capabilities across networks and 
involving the sequence (or web) of distributed activities 
underlying electronic value chains; 

cooperative electronic governance of distributed 
electronic commerce processes that optimizes electronic 
commerce value propositions; 

the capability of electronically, remotely representing the 
interests of commerce participants to support efficient, 
flexible, commerce model automation; 



PCT/US98/23648 

65 ' 

enabling rules and controls that are independently 
contributed by multiple parties to securely merge 
together and form the collective rules and controls sets 
that reflect the electronic commerce agreements between 
parties; 

using rules and controls sets to collectively, 
automatically, govern remote .electronic conduct; 

securely managing the integration of control information ' 
provided by two or more partes; 

constructing electronic agreements between VDE 
participants that represents a "negotiation" between the 
control requirements of two or more parties and enacts 
the terms and conditions of a resulting agreement; 

ensuring and/or enforcing the rights of each party to an 
electronic agreement regarding a wide range of 
electronic activities related to electronic information 
and/or appliance usage; 

the ability to broadly support electronic commerce by 
securely managing independently delivered VDE 
component objects containing control information 
(normally in the form of method, data, or load module 
VDE objects); 

using independently delivered control information to 
negotiate with senior and other pre-existing content 



PCI7US98/23648 

66 

control information to securely form derived control 
information; 

ensuring that all requirements specified by derived* 
control information are satisfied before VDE controlled 
content is accessed or otherwise used; 

ensuring that all load modules and any mediating data 
which are listed by the derived control information as 
required are available and perform their required 
function; 

use of independently delivered control components to 
allow electronic commerce participants to freely stipulate 
their business requirements and trade offs; 

allowing electronic commerce, through the various 
control requirements stipulated by VDE participants, to 
evolve into forms of business which are the most 
efficient, competitive and useful — much as with 
traditional, non-electronic commerce; 

providing commerce participants with the ability to 
freely fashion the chains of handling and control 
pathways that protect data and processes and the freedom 
to shape the models within which their Virtual Presence 
operates — allowing commerce participants to optimally 
formulate their electronic commerce value propositions; 



PCT/US98/23648 

67' ' • 

VDEs configured to support the various underlying 
agreements between parties that define important 
electronic commerce pathways of handling for electronic 
content, content and/or appliance control information, 
content and/or appliance usage information and payment, 
and/or credit; 

allowing content creators and other providers to specify 
the pathways that, partially or fully, must be used to ( 
disseminate commercially distributed property content, 
content control information, payment administrative 
content, and/or associated usage reporting information; 

empowering commerce participants, subject to the rules 
and controls previously set in a value chain, to freely 
fashion control models implementing their Virtual 
Presence by using GUI templates or rights programming 
languages employing commerce/rights management 
components; 

component based control methods that allow the present 
inventions to efficiently operate as a highly configurable 
content control system; 

content control models that can be iteratively and 
asynchronously shaped, modified, and otherwise updated 
to accommodate the needs of VDE participants; 



PCT/US98/23648 

68 

iterative and/or concurrent multiple participant processes 
through the submission and use of secure, control 
information components (e.g., executable code such as , 
load modules and/or methods, and/or associated data); 

control information for Virtual Presence employed in 
protected processing environment nodes located at user 
sites to ensure that digital events are governed in • 
accordance with the collective rights of commerce model 
participants; 

digital events that launch or require other digital events; 

digital events that may include, for example, content use 
consequences such as collection of audit information, 
secure communication of such information, payment for 
content use, or satisfaction of any other electronically 
stated condition; 

events that occur within either the secure setting of a 
local node, or more widely within the secure 
environment of a distributed system of nodes; 

the association of Virtual Presence rules and controls 
with protected information enclosed within one or more 
electronic content containers to achieve a high order of 
configurability for Virtual Presence chains of handling 
and control; 



PCT/US98/23648 

69' 

distribution using VDE that may package both the 
electronic content and control information into the same 
VDE container, and/or may involve the delivery to an 
end-user site of different pieces of the same VDE 
managed property from plural separate remote locations , 
and/or in plural separate VDE content containers and/or 
employing plural different delivery means; 

content control information that is partially or fully 
delivered separately from its associated content to a user 
VDE installation in one or more VDE administrative 
objects; 

delivery of portions of said control information from one 
or more sources; 

making control information available for use by access 
from a user's VDE installation secure sub-system to one 
or more remote VDE secure sub-systems and/or VDE 
compatible, certified secure remote locations; 

use of delivery means that may include electronic data 
storage means such as optical disks for delivering one 
portion of said information and broadcasting and/or 
telecommunicating means for other portions of said 
information; 



PCT/US98/23648 

70 

allowing a content provider to deliver different business 
rules to a large corporate customer, compared with rules 
delivered to "retail" customers; 

supporting separation of content and Virtual Presence 
controls to allow a provider to associate different control 
sets with the same content - and not requiring the* 
provider to create one set of content controls that apply 
to all types of customers; 

allowing content provider modification overtime of rules 
and controls to reflect sales, new pricing, special 
discounts, etc. - while limiting this right by rules and 
controls provided by other parties having more senior 
rights; 

employing secure object container technology to 
efficiently implement Virtual Presence chains of 
handling and control; 

use of software container technology to significantly 
facilitate the organized dissemination of digital content, 
including the specialized form of digital content 
constituting rights control information; 

employing object software technology and using object 
technology to form containers for delivery of at least in 
part encrypted or otherwise secured information; 



PCT/US98/23648 

71 

using containers that contain electronic content products 
or other electronic information and some or all of their, 
associated permissions (control) information; 

distributing container objects, along pathways involving 
content providers and/or content users;; 

securely moving containers between nodes of a VDE 
arrangement, which nodes operate VDE foundation 
software and execute control, methods to enact electronic • 
information usage control and/or administration models; 

employing delivered containers both for distributing 
VDE control instructions (information) and/or to 
encapsulate and electronically distribute content which 
has been at least partially secured; 

supporting the essential needs of electronic commerce 
value propositions by uniting fundamental 
configurability with secure Virtual Presence; 

virtual presence across virtual networks in accordance 
with the underlying agreement amongst commerce model 
participants to allow each participant to enjoy secure, 
reliable electronic automation of commerce models; 

allowing each rights holder's Virtual Presence at a 
remote site to possess the sole authority to administer or 
delegate the participant's electronic rights; 



PCT/US98/23648 

72 

capabilities that contribute to establishing an 
environment of trusted cooperative governance; 

practical enhancements relating to the establishment of • 
secure event management and the maintenance of secure 
audit, encryption budget, and other relevant information; 

control structures for an overall, distributed, secure 
rights/event administration environment; 

processes for interaction between independently 
delivered rules and controls, including electronic 
negotiation; 

creating distributed rights operating systems; 

integrating control processes into host operating 
environments; 

secure semiconductors to support protected processing 
environments; 

a secure, programmable, digital event management 
component architecture in which components are fully 
assembleable and reusable; 

differing assemblages of components formed to reflect 
an exhaustive array of commerce model functional 
capabilities, overall model implementations, and ad hoc 
event management scenarios; 



PCT/US98/23648 

73 ' ' • 

support for the full range of digital content types, 
delivery modes, and reporting and other administrative 
activities; 

traveling objects; 

smart agents; 

"atomic" load module operation to support "sparse 
space," cost-effective, secure processing semiconductors; 

smart card and other traveling client nodes; 

creating rights management software container 
technologies, including extraction, embedding, and other 
secure container content management processes; 

Chain of Handling and Control generation of secure 
objects (containers) and associated control information; 

audit reconciliation and usage pattern evaluation 
processes; 

specialized cryptographic implementations; 

use of a specialized electronic rights and commerce 
language, unique applications for fingerprinting and/or 
watermarking technologies, secure control structures, the 
formulation of new types of metering technologies, 
reciprocal event management (employing dispersed user 
sites) for automating web-like commerce models, and 
many other designs and capabilities; 



PCT/US98/23648 

74 

mechanisms to persistently maintain trusted content 
usage and reporting control information through both a 
sufficiently secure chain of handling of content and 
content control information and through various forms of 
usage of electronic information; 

rights management technology supporting persistent, 
distributed controls; 

means enabling continuing Virtual Presence through 
Chains of Handling and Control; 

persistency of control as a unique and fundamentally 
important attribute underlying Virtual Presence and 
Chain of Handling and Control for enabling true 
commerce behavior in cyberspace including ad hoc* 
relationships and activities, distributed processes, and 
reliable enforcement of agreements between parties; 

Persistent Virtual Presence controls that continue to be 
enforced — to the extent required by the controls 
themselves — as protected digital content is, for example, 
used and reused, copied and further distributed, extracted 
and embedded, audited and reported; 

persistency responsive to rules and controls associated 
with electronic events, that causes new secure content 
containers to be created automatically by systems and 
methods supplying the procession of secure transport 



PCT/US98/23648 

' 75; ' 

vehicles required by Chain of Handling and Control for 
conveying disseminated content, associated rules and 
controls, and audit information and payment; 

container creation to carry extracted content, payment 
tokens, control information, audit information, and the 
like; 

securely generated containers carrying with them rules 
and controls stipulated by rules and controls associated • 
with one or more triggered electronic events; 

capabilities for persistency and independent secure 
delivery and merging of rules and controls that provide 
technical means for ensuring that dynamic user behavior 
can be encouraged, rather than discouraged; 

dynamic user behavior encouraged as a critical link in 
building ad hoc relationships and cost-effectively 
distributing content, while simultaneously ensuring that 
rights holders are protected and retain control over their 
business models; 

enabling ad hoc behavior that frees users from 
constraints on their conduct resulting from inflexible, 
first generation technologies; 

support for enterprising behavior that is characteristic of 
traditional commerce resulting in more efficient and 
more satisfying electronic commerce experiences: 



PCT/US98/23648 

76 

general purpose character electronic commerce 
technologies provided by a combination of important 
capabilities including component, object oriented, 
programmable control language; secure specialized 
container technology; independent delivery of secure 
control information mechanisms; Chain of Handling and 
Control persistency of control mechanisms; event driven 
operating system functions; and the advanced security 
architecture - allowing multiple simultaneous models to 
evolve, and practically and efficiently operate; 

general purpose rights and event management 
architecture that is intrinsically reusable for many 
simultaneous models — providing enormous competitive 
economic advantages over technologies that are 
essentially single model by design; 

commerce architecture client nodes that are basic pieces 
of reusable cyberspace infrastructure; 

generalized configurability resulting, in part, from 
decomposition of generalized requirements for 
supporting electronic commerce and data security into a 
broad range of constituent "atomic" and higher level 
components (such as load modules, data elements, and 
methods) that may be variously aggregated together to 
form control methods for commercial electronic 
agreements and data security arrangements; 



PCT/US98/23648 

77 ' ' 

a secure operating environment employing VDE 
foundation elements along with securely deliverable 
VDE components that enable electronic commerce 
models and relationships to develop; 

the unfolding of distribution models in which content 
providers, over time, can expressly agree to, or allow, 
subsequent content providers and/or users to participate 
in shaping the controls for,; and consequences of, use of 
electronic content and/or appliances; 

a very broad range of the functional attributes important 
for supporting simple to very complex electronic 
commerce and data security activities; 

electronic information and/or appliance usage control 
(including distribution), security, usage auditing, 
reporting, other administration, and payment 
arrangements; 

capabilities that rationalize the support of electronic 
commerce and electronic transaction management 
stemming from the reusability of control structures and 
user interfaces for a wide variety of transaction 
management related activities; 

content usage control, data security, information 
auditing, and electronic financial activities that can be 



PCT/US98/23648 

78 

supported with tools that are reusable, convenient, 
consistent, and familiar; 

a general purpose Rights Operating System emplpying a 
reusable kernel and rights language components that 
provides the capabilities and integration needed for the 
advanced commerce operating systems of the future; 

a general purpose, reusable electronic commerce 
capabilities'thaf "all participants can rely on will become 
as important as any other capability of operating 
systems; 

such a rights operating system providing rights and 
auditing operating system functions and other operating 
system functions — the rights and auditing operating 
system functions securely handling tasks that relate to 
virtual distribution environment; 

secure processing units and/or protected processing 
environments that provide and/or support many of the 
security functions of the rights and auditing operating 
system functions; 

an overall operating system designed from the beginning 
to include the rights and auditing operating system 
functions plus the other operating system functions or 
incorporation of the rights and auditing operating system 



WO 99/24928 



79, 



PCT/US98/23648 



functions as an add-on to a preexisting operating system 
providing the other operating system functions; 

• operating system integration and the distributed 
operating systems; and 

5 • a rational approach - a transaction/distribution control 

standard - allowing all participants in VDE the same 
foundation set of hardware control and security, 
authoring, administration, and management tools, for 
widely varying types of information, business market 
10 model and/or personal objectives; 

Any or all of these features may be used in combination with 
the inventions disclosed herein. 

Brief Description of the Drawings 

1 5 These and other features and advantages will be better and 

completely understood by referring to the following detailed 
description of presently preferred example embodiments in 
accordance with the drawings, of which: 

Figures 1A-4 show "prior art" examples of how it is hard to 
20 find things you need or want; 

Figures 5-12 are simplified examples of what example systems, 
methods and techniques in accordance with these inventions can do; 



WO 99/24928 PCT/US98/23648 

80 

Figures 13, 14 and 14A show an example matching and 
classification utility system architecture; 

Figures 1 5-15G show examples of how a matching and 1 
classification utility system can interact with other commerce utility 
5 systems; 

Figures 16A-16C show examples of distributed matching and 
classification utility system organizations; 

Figure 1 7 shows example matching and classification utility 
system functionality definitions; 

1 0 Figures 1 8-46(B) show example steps that may be performed 

by the example matching and classification utility system; and 

Figures 47-70 show some example matching and classification 
utility system applications. 

Detailed Description Of Presently Preferred Example 
15 Embodiments 

Figures 5-12 and the discussion above provide an introduction 
to the following detailed description of presently preferred 
embodiments in accordance with these inventions. The "electronic 
matchmaker" shown in Figures 5-12 is implemented in these more 
20 detailed embodiments by a matching and classification utility system 
900. 



WO 99/24928 PCT7US98/23648 

' ' 81' ' • 

Example Matching And Classification Utility 

Figure 1 3 shows an example matching and classification utility , 

system 900 as including: 

• an object classifier 902; 

5 • a user (people) classifier 904; and * 

• a matching engine 906. 

Object classifier 902 classifies things. User classifier 904 
classes people. Matching engine 906 matches things with other 
things, things with people, and/or people, with other people. 

1 0 In more detail, object classifier 902 receives information about 

objects and uses that information to classify those objects into groups 
based on the qualities or characteristics of the objects. For example, 
the object classifier 902 may classify objects of the type described in 
in "Ginter et al". Such objects may comprise information and/or 

1 5 associated rules for using the information. For example, object 
classifier 902 may receive as inputs: 

• rights management information 909 such as rules 
and/or associated consequences; 

• things 908 controlled or affected by such rights 
20 management information including, for example 

content objects or other information subject to such 
rules; 

• items 910 such as metadata, abstracts or the like that 
describe the things 908; and/or 



WO 99/24928 PCT/US98/23648 

82 

• other information of any type. 

Object classifier 902 classifies and/or selects things based at 
least in part on these inputs. 

In this example, user classifier 904 is a type of object classifier 
5 that is specially adapted to classify people. User classifier 904 can 
classify people based, for example, on: 

• audit trails 912 indicating how people have used their 
computers and other electronic appliances; 

• profiles 914 developed by asking users questions 
1 0 about their preferences; 

• controls 909' that are associated, at least in part, with 
the user or things the user uses; 

• object descriptors 910' that describe objects used by 
the user; and/or 

1 5 • other information about and/or relating to the user. 

User classifier 904 classifies and/or selects people based at 
least in part on these inputs. 

Matching engine 906 receives, as inputs, the classifications 
and/or selections made by the object classifier 902 and/or the user 
20 classifier 904. Matching engine 906 matches things with things, 

things with people and/or people with people (or any combination of 
these) based on these selection and/or classification inputs. 



WO 99/24928 PCT/US98/23648 

83. • 

Example More Detailed Architecture 

Figure 14 shows a more detailed architectural diagram of 
matching and classification utility 900. in this example, matching 
and classification utility 900 receives a variety of inputs including, for 

5 example, some or all of the following: 

i ■ 

• objects 908 and/or information about objects 
including controls 909 and/or object descriptors 910; 

• content 950; 

• audit trail information 916; 

10 • user information such as profiles 914; 

• class information 952; 

• user information 954; 

• other rights management ipformation 956; 

• matching criteria 958; 

1 5 • selection criteria 960; and/or 

• other information. 

Matching and classification utility 900 in this example can 
provide a variety of different outputs including, for example, some or 
all of the following: 
20 • matching information 920; 

• class hierarchies 962; 

• category definitions 922 and class definitions 970; 

• classified objects 908C; 

• audit records 964 indicating the results of 

25 classification, matching, and or selecting processes; 



WO 99/24928 



PCT/US98/23648 



84 



reports 966 indicating the results of classification, 
matching, and/or selecting processes; 
targeted objects and/or pointers 968; 



controls 909; 



other rights management information; and 

other classification, matching and/or selection. related 



information. 



10 



15 



20 



A Preferred Embodiment Matching and 
Classification Utility 900 is a VDE-Aware Commerce 
Utility System 

In the preferred embodiment, matching and classification utility 
900 is constructed as a commerce utility system 90 as described in 
"Shear et al", and may comprise one or more processes securely 
distributed over one or more secure electronic appliances within a 
"Virtual Distribution Environment" as described in "Ginter et al". 
Furthermore, the present inventions can be used in combination with 
and/or make use of a wide array of distributed electronic 
administrative and support services that may be referred to as the 
"Distributed Commerce Utility." Such a Distributed Commerce 
Utility may be, among other things, an integrated, modular array of 
administrative and support services for electronic commerce and 
electronic rights and transaction management. The Distributed 
Commerce Utility provides, among other advantages, comprehensive, 
integrated administrative and support services for secure electronic 
commerce and other forms of electronic interaction. These 



WO 99/24928 PCT/US98/23648 

85 ' ' 

administrative and support services can be used to supply a secure 
foundation for conducting financial management, rights management, 
certificate authority, rules clearing, usage clearing, secure directory 
services, and other transaction related capabilities functioning over a 
5 vast electronic network such as the Internet and/or over organization . 
internal Intranets, or even in-home networks of electronic appliances. 
Such electronic interactions supported by the Distributed Commerce 
Utility may, for example, entail the broadest range of appliances and 

i 

distribution media, non-limiting examples of which include networks 
10 and other communications channels, consumer appliances, computers, 
convergent devices such as WebTV, and optical media such as CD- 
ROM and DVD in all their current and future forms. 

These administrative and support services can, for example, be 
adapted to the specific needs of electronic commerce value chains in 

1 5 any number of vertical markets, including a wide variety of 

entertainment applications. Electronic commerce participants can, for 
example, use these administrative and support services to support 
their interests, and/or they can shape and reuse these services in 
response to competitive business realities. Non-exhaustive examples 

20 of electronic commerce participants include individual creators, film 
and music studios, distributors, program aggregators, broadcasters, 
and cable and satellite operators. 

The Distributed Commerce Utility can, for example, make 
optimally efficient use of commerce administration resources, and 



WO 99/24928 PCT/US98/23648 

86 

can, in at least some embodiments, scale in a practical fashion to 
optimally accommodate the demands of electronic commerce growth. 
The Distributed Commerce Utility may, for example, comprise a 
number of Commerce Utility Systems. These Commerce Utility 
5 Systems can provide a web of infrastructure support available to, and 
reusable by, the entire electronic community and/or many or all of its 
participants. Different support functions can, for example, be 
collected together in hierarchical and/or in networked relationships to 
suit various business models and/or other objectives. Modular support 
1 0 functions can, for example, be combined in different arrays to form 
different Commerce Utility Systems for different design 
implementations and purposes. These Commerce Utility Systems 
can, for example, be distributed across a large number of electronic 
appliances with varying degrees of distribution. 

1 5 Such a "Distributed Commerce Utility 1 ' provides numerous 

additional capabilities and benefits that can be used in conjunction 
with the particular embodiments shown in the drawings of this 
application, non-exhaustive examples of which include: 

* Enables practical and efficient electronic commerce and rights 
20 management. 

• Provides services that securely administer and support 
electronic interactions and consequences. 



WO 99/24928 PCT/US98/23648 

87 v ' • 

• Provides infrastructure for electronic commerce and other 
forms of human electronic interaction and relationships. 

• Optimally applies the efficiencies of modern distributed 
computing and networking. 

5 * Provides electronic automation and distributed processing. 

• Supports electronic commerce and communications 
infrastructure that is modular, programmable, distributed and 
optimally computerized. 

• Provides a comprehensive array of capabilities that can be 

1 0 combined to support services that perform various administrative and 
support roles. 

• Maximizes benefits from electronic automation and 
distributed processing to produce optimal allocation and use of 
resources across a system or network. 

15 * Is efficient, flexible, cost effective, configurable, reusable, 

modifiable, and generalizable. 

• Can economically reflect users 1 business and privacy 
requirements. 

• Can optimally distribute processes - allowing commerce 
20 models to be flexible, scaled to demand and to match user 

requirements. 



WO 99/24928 PCT/US98/23648 

88 

• Can efficiently handle a full range of activities and service 
volumes. 

• Can be fashioned and operated for each business model, as a 
mixture of distributed and centralized processes. 

.5 • Provides a blend of local, centralized and networked . 

capabilities that can be uniquely shaped and reshaped to meet 
changing conditions. 

• Supports general purpose resources and is reusable for many 
different models; in place infrastructure can be reused by different 

1 0 value chains having different requirements. 

• Can support any number of commerce and communications 
models. 

• Efficiently applies local, centralized and networked resources 
to match each value chain's requirements. 

1 5 * Sharing of common resources spreads out costs and 

maximizes efficiency. 

• Supports mixed, distributed, peer-to-peer and centralized 
networked capabilities. 

• Can operate locally, remotely and/or centrally. 

20 ■ Can operate synchronously, asynchronously, or support both 

modes of operation. 



WO 99/24928 PCT/US98/23648 

89; ' 

• Adapts easily and flexibly to the rapidly changing sea of 
commercial opportunities, relationships and constraints of 
"Cyberspace." 

Any or all of these features may be used in combination with 
5 the inventions 'disclosed herein. 

In more detail, as shown in Figure 14A, matching and 
classification utility 900 may include one or more rights operating 

i 

system layers 90-1; one or more commerce utility support service 
layers 90-4; one or more service application connect layers 90-3; and 
1 0 one or more service functions 90-B: One or more protected 

processing environments 154 may be used to support secure functions 
90-D. Matching and classification utility 900 may be controlled, at 
least in part, by rights management information such as for example: 

• VDE-compatible controls 909; 

] 5 • rules and/or their consequences; and/or 

• other rights management information. 

Matching and Classification Utility Can Interact 
With Other Commerce Utility Systems 

Figure 1 5 shows that matching and classification utility 900 
20 can interact and interrelate with other commerce utility systems 
described in "Shear et al" including for example: 

• financial clearinghouses 200, 

• usage clearinghouses 300, 

• rights and permissions clearinghouses 400, 



WO 99/24928 PCT/US98/23648 

90 

• certifying authorities 500, * 

• secure directory services 600, 

• transaction authorities 700, 

• VDE administrators 800, and/or 

5 • other commerce utility systems 90. 

Figures 15A-15G show example detailed interactions between 
matching and classification utility 900 and these various other 
commerce utility systems 90. 

Figure 1 5 A shows interactions between matching and 
10 classification utility 900 and a financial clearinghouse 200. For 
example, matching and classification utility 900 may send the 
financial clearinghouse 200: 

• requests for information, 

• class information such as classes and/or class 
15 assignments, 

• bills and charges, and/or 

• other information. 

Financial clearinghouse 200 may send matching and 
classification utility 900: 
20 • money, 

• audit records, 

• payment data, 

• user data, and/or 

• other information. 



WO 99/24928 PCT/US98/23648 

91. ' • ' ' 

Figure 1 5B shows example interactions between matching and 
classification utility 900 and usage clearinghouse 300. Matching and 

classification utility 900 may send the usage clearinghouse 300: 

• requests for information,. 

5 • class information such as classes and/o class 

assignments, ' 

• audit information, and/or 

• other information. . 

i 

Matching and classification utility 900 may receive from usage 
10 clearinghouse 300: 

• requests for class information, 

• usage and/or rights management information, 

• audit records, and/or 

• other information. 

1 5 Figure 1 5C shows example interaction between matching and 

classification utility 900 and rights and permissions clearinghouse 
400. In this example, rights and permissions clearinghouse 400 sends 
matching and classification authority 900: 

• controls sets and/or object information; 
20 • requests for class information; 

• clearinghouse usage data; and/or 

• other information. 



In this example, matching and classification utility 900 sends 
the rights and permissions clearinghouse 400: 



WO 99/24928 PCT/US98/23648 

92 

• rights management information such as control sets, 

• requests for information, 

• class related information such as classes and/or class, 
assignments, and/or 

5 • other information. 

Figure 15D shows example interaction between matching and 
classification utility 900 and certifying authority 500. In this 
example, certifying authority 500 sends matching and classification 
utility 900: 
1 0 • revocation lists, 

• certificates, 

• certifying authority usage information, 

• requests for classification information, and/or 

• other information. 

15 In this example, the matching and classification utility 900 

sends the certifying authority 500: 

• revocation list checks, 

• requests for certificates, 

• requests for usage information, 

20 • classification related information such as classes 

and/or class assignments, and/or 

• other information. 



Figure 1 5E shows an example interaction between the matching 
and classification utility 900 and a secure directory services 600. In 



WO 99/24928 PCT/US98/23648 

93 ' • 

this example, the matching and classification utility 900 sends the 
secure directory services 600: 

• directory lookup information, 

• class related information such as classes and/or class 
5 assignments, 

• requests for information,. and/or 

• other information. 

In this example, the secure directory services 600 sends the ' 
matching and classification utility 900: 
10 • directory services usage information, 

• directory information, 

• requests for classification information, and/or 

• other information. 

Figure 15F shows an example interaction between the matching 
1 5 and classification utility 900 and a transaction authority 700. In this 
example, the matching and classification utility 900 sends the 
transaction authority 700: 

• class related information such as classes and/or class 
assignments, 

20 • requests for transaction usage information, 

• requests for control sets, and/or 

• other information. 



In this example, the transaction authority 700 sends the 
matching and classification utility 900: 



WO 99/24928 PCT/US98/23648 

94 

• transaction usage information, 

• transaction control sets, 

• requests for classification information, and/or ( . 

• other informati on . 

5 Figure 15G shows an example interaction between the 

matching and classification utility 900 and a VDE administrator 800. 
In this example, the matching and classification utility 900 sends the 
VDE administrator 800: 

• requests for administration, 

1 0 • class related information such as classes and/or class 

assignments, 

• requests for node and/or web information, and/or 

• other information. 

In this example, the VDE administrator 600 sends the matching 
1 5 and classification utility 900: 

• requests for classification information, 

• administrative information, 

• node and/or user data, and/or 

• other information. 

20 Matching and Classification Utility System Can Be In 
a Hierarchy of Commerce Utility Systems 

Figure 16A shows an example of an administrative and support 
service hierarchy including matching and classification utility 
system(s) 900. In this example, a number of centralized overall 



WO 99/24928 PCT/US98/23648 

matching and classification utility systems 900 and/or other 
Commerce Utility Systems 90 delegate some or all of their work 
responsibilities to other Commerce Utility Systems 90. In the 
particular example shown, Commerce Utility Systems 1 54 may 

5 provide services to one or more members of one or more classes, for ■ 
example, to members of the class "manufacturing companies in the 
Pacific rim." Organizations, such as companies, non-profit groups or 
the like may have their own Commerce Utility Systems 1 56. Certain 
electronic commerce or other activities (the entertainment industry, 

1 0 for example) might have their own vertically-specialized Commerce 
Utility Systems 158. Certain geographical, territorial or jurisdictional 
groups (e.g., Commerce Utility Systems services provided with a 
particular nation or state within nation, one example of which might 
be all purchasers of particular products within the state of Wisconsin) 

1 5 may have their own territorial/jurisdictional specialized Commerce 
Utility Systems 160. Commerce Utility Systems 154, 156, 158, 160 
lower in the hierarchy may, in turn, further delegate authorities or 
responsibilities to particular consumers, organizations or other 
entities. 

20 In one example arrangement, the Commerce Utility Systems 90 

to which authority has been delegated may perform substantially all 
of the actual support work, but may keep the delegating Commerce 
Utility Systems 90 informed through reporting or other means. In 
another arrangement, the delegating Commerce Utility Systems 90 

25 have no involvement whatsoever with day to day activities of the 



WO 99/24928 PCT/US98/23648 

96 

Commerce Utility Systems to whom they have delegated work. In 
still another example arrangement, the more specialized Commerce 
Utility Systems do some of the work and the more overarching 
Commerce Utility Systems do other parts of the work. The particular 

5 division of work and authority used in a particular scenario may 
largely depend on factors such as efficiency, trustedness, resource 
availability, the kinds of transactions being managed, and a variety of 
other factors. Delegation of clearing authority may be partial (e.g., 
delegate usage aggregation but not financial. or rights management 

1 0 responsibilities), and may be consistent with peer-to-peer processing 
(e.g., by placing some functions within consumers' electronic 
appliances while keeping some other functions centralized). 

Matching and Classification Utilities Can Provide 
Services to Classes of Nodes, Users, Content Services 
15 and/or Transaction Services 

Figure 16B shows an example of how Matching and 
Classification Utilities 900 can provide services to classes of nodes, 
users, content services and/or transaction services. In this example, 
matching and classification utility systems 900(1), ... 900(N) provide 

20 horizontally specialized matching and/or classification services for 
different purposes. For example, matching and classification utility 
900(1) serves VDE administrative type functions by classifying VDE 
deployment related information and associated objects. Matching and 
classification utility 900(2) specializes in higher education 

25 classification tasks. Matching and classification utility 900(3) 



WO 99/24928 PCT/US98/23648 

97'- ■ 

specializes in business information related tasks, and matching and 
classification authority 900(N) specializes in trading transactions. 
Any of these specialties can be combined together, so that a single 
utility system 900 can perform multiple functions or portions of 
5 functions. 

Multi-Function Commerce Utility Systems Can be 
Organized Hierarchically or Peer-to-Peer 

Figure 16C shows a still different, more complex Matching and 
Classification Commerce Utility System 900 environment including 

1 0 elements of both a hierarchical chain of command and a high degree 
of cooperation in the horizontal direction between different multi- 
function matching and classification utility systems 900. In this 
example, there are five different levels of responsibility with a master 
or overarching matching and classification utility system 900(1) on 

15 level 1 having the most authority and with additional matching and 
classification utility systems on levels 2, 3, 4, and 5 having 
successively less power, authority, control, scope and/or 
responsibility. Figure 16C also shows that different matching and 
classification utility systems 900 on the same level may have different 

20 functions, scopes and/or areas of responsibility. For example: 

• a Matching and classification utility system 900(2)(1) may 
be a "type A" Matching and classification utility system, 

• Matching and classification utility system 900(2)(2) might 
be a "type B" Matching and classification utility system, and 



WO 99/24928 PCT/US98/23648 

98 

t 

• Matching and classification utility system 900(2)(3) might 
be a "type C" Matching and classification utility system. 

On the next level down, Matching and classification utility 
systems might be type A Matching and classification utility system 

5 (such as, 900(3)(1) and 900(3)(2)), they might be type B Matching , 
and classification utility systems (such as, 900(3)(4)), they might be 
type C Matching and classification utility systems (such as, 900(3 )(5), 
900(3)(6)), or they might be hybrids - such as, Matching and 
classification utility system 900(3)(3) which is a hybrid having type A 

10 and type B functions. Figure 16C also shows that additional 

clearinghouses on levels 4 and 5 might have sub-types as well as 
types. 

A matching and classification utility 900 might break out along 
content classes (e.g., movies; scientific, technical and medical; and 

1 5 software). Subtype A might include first run movies, oldies, and art 
films; subtype B might handle journals and textbooks; and type C 
might be responsible for games, office, educational content. Peer-to- 
peer communications between clearinghouses could involve differing 
classes of consumers, differing jurisdictional classes, differing 

20 payment methods classes, and/or any other class distinction. 

Matching and Classification Utility System Can Be 
Constructed From Object-Oriented Service Functions 

Figure 14A shows Matching and Classification Utility 900 can 
be constructed from service functions. Figure 1 7 shows in more 



WO 99/24928 



99 



PCT/US98/23648 



detail how a matching and classification utility system 900 can be 
constructed based on service .functions such as for example: 

automatic class generation, 

automatic matching, 
5 automatic class assignment, 

class based searching, 

class based directory, 

audit by class, 

market research, 
1 0 rights management language processing, 

other service functions. 



Example Detailed Steps Carried Out By Matching 
and Classification Utility System 900 

1 5 The next section of the specification describes some example 

steps performed by the matching and classification utility 900. 

Example Steps to Categorize Objects and/or Users 
and/or Appliances 

Figure 1 8 shows example steps to categorize objects, and 
20 Figure 19 shows example steps to categorize users 95 and/or 



WO 99/24928 PCT/US98/23648 

100 

appliances 100. The overall categorization steps in these examples 
are — at this level — similar to one another. The processes begin by 
getting input data (Figure 1 8 5 block 1 840, Figure 1 9, block 1 840'). , 
Next, a classification and/or categorization method is selected 

5 (Figures 1 8 5 block 1 842; Figure 19, block 1842'). The process then 
assembles a data matrix and applies the selected classification, method 
to the data matrix (Figure 1 8, blocks 1 844, 1 846; Figure 1 9, blocks 
1 844', 1 846'). In addition or alternatively, other data reduction . 
methods may be used (Figure 1 8, block 1848; Figure 19, block 

1 0 1 848'). Next, the process assigns objects and/or users and/or 

appliances to the categories developed by the classification method 
that has been applied (Figure 1 8, block 1 849; Figure 19, block 1 849'). 
Finally, the process stores the results in electronic and/or non- 
electronic storage in the "write output data" step (Figure 18, block 

1 5 1 850; Figure 1 9, block 1 850'). 

The "get input data" step 1 840, 1 840' may involve obtaining 
attribute and/or parameter data from various sources including, for 
example: 

• electronic appliance related attribute data; 
20 • user demographic data; 

• user psychographic data; 



available rights management rules and/or consequences 
(e.g., permissions records); 



WO 99/24928 PCTAJS98/23648 

101' 

• exercised rights management rules.and/or consequences 
(e.g., permissions records); 

• rights management and/or other audit and/or usage records; 

• any third party source of any information, including rights , 
5 management, usage, audit, statistical, personal, 

organizational, political, economic, social, religious, 
business, government, medical, research, academic, literary, 
military, and/or information and/or data in any format 
known or unknown concerning any and all other topics that 
10 may contribute to the definition of at least one class and/or 

the assignment of at least. one object to a class. 

Detailed example steps for harvesting this data are detailed below in 
connection with Figures 24-46B. This resulting attribute data may be 
accumulated and aggregated together to form a composite record used 
1 5 as the input to the classification process. 

Figure 20 shows an example composite record 1 852. This 
composite classification record may contain attributes derived from 
any or all of a variety of rights management and/or other data 
"harvesting" processes. For example, composite record 1852 may 
20 include demographic and/or psychographic data obtained by querying 
the user 95. It may contain usage data obtained by monitoring audit 
information produced by various usage transactions. It may contain 
information reflecting user choices concerning rights management 



WO 99/24928 PCT/US98/23648 

102 

information, the rights management information available to 
particular users and/or objects, and rights management processes 
actually performed with respect to particular users and/or particular . 
objects. The information may be analyzed first to provide statistical 

5 and/or other summary information, or individual, more granular 
information may be provided. The composite record 1852 may also 
contain attributes of particular electronic appliance 100 installations. 
The particular example composite record 1.852 shown in Figure 20 is 
one non-limiting example composite attribute record containing 

1 0 attributes obtained through a number of different "harvesting 1 ' 

processes. The composite record 1852 may be organized in a way to 
allow easy and efficient selection of desired attributes in the course of 
a database lookup, for example, and to allow easy and efficient 
selection and/or coding as input to any aspect of a classification 

1 5 and/or the assignment of one or more objects to at least one or more 
classes. 

The Figure 21 example cluster analysis process is one example 
of steps that may be performed as part of the "apply classification 
method(s)" block 1846, 1846' of Figures 18, 19. (A classification 

20 method, or any other method described in these processes, may be 
utilized as part of a "knowbot", "agent", "traveling agent", and/or 
"smart agent", a non-limiting example of which is described in 
"Ginter et al", for example, Figure 73.) In this particular example, the 
process selects variables and cases (blocks 1 860, 1 862, Figure 21), 

25 and then assembles an appropriate data matrix (block 1 864). A 



WO 99/24928 PCI7US98/23648 

i 1 

conventional cluster analysis is then applied (block 1866, Figure 21). 
The clusters may be interpreted to determine what they mean (Figure 
21, block 1868), or they may be compared with previous results and if 
sufficiently similar, they may be assumed to reflect the same classes 
5 as the earlier classification procedure thus minimizing the need for 
additional interpretation of the clustering results. Step 1 868 may be 
performed automatically or manually, or a combination of automatic 
and manual processing may be used. Finally, individual cases may be 
assigned to individual clusters to complete the classification process 
10 (Figure 21, block 1870). 

Figures 22, 23 show two examples of classification outputs, 
produced by the Figure 21 process. In the Figure 22 example, 
information from several individuals has been used to create two 
example categories that reflect differing use profiles. More classes 
1 5 may have been defined than those example classes shown here. Users 
assigned to the same class have many more features, behavior, and/or 
other attributes in common than each of them does with members 
assigned to other classes. 

In example Figure 22, members of class 1 tend to spend more 
20 per content item purchased, travel abroad more frequently, are more 
interested in national and international news, business and travel 
information, and generally do not participate in "pay per view" events 
and/or content consumption. Members of class 1 also tend to add 
new rights and/or modify existing rights management controls for 



WO 99/24928 PCT/US98/23648 

104 

content, for instance, to add a markup and redistribute the content in 
one example, may be less likely to express a religious preference 
and/or affiliation, and tend to use the Internet as an area for "surfing", 
and exploration. 

5 Members of class 2 tend to pay less for content purchased, 

seldom travel abroad, tend to be interested in sports, religious content 
and events, and are more often consumers of movies than are 
members of class 1. Members of class 2 are more likely to "pay per 
view" than are members of class 1, and are much less likely to add 

1 0 new controls to content and/or modify rights acquired. Members of 
class 2 are more likely to express a religious preference and among 
those that do, Protestant denominations are more frequently 
mentioned. Members of class 2 may use the Internet, but tend to. do 
so as part of their work role and responsibilities rather than as 

1 5 entertainment, hobbies, and other leisure-time pursuits. 

Some methods of classification produce parameter data rather 
than assignment of objects to more discrete (or fuzzy or other kinds 
of) classes. Instead, this parameter data may indicate the extent to 
which an object possesses one or more traits, attributes, or class 
20 characteristics. For instance, a person may have been assigned to 
class 1 (call it "the cosmopolitan class") or class 2 (call it "the 
parochial class") as shown in Figure 22; however, using other 
procedures the same example persons may be assigned parameter data 



WO 99/24928 PCT/US98/23648 

105' 

reflecting the extent or degree to which they are "cosmopolitan 11 or 
"parochial" or some of each.. 

In the example process that generates the information shown in 
Figure 23 A, data for several individuals has been arranged in a case 

5 (row) by variable (column) matrix and using means known to those 
skilled in the arts, subjected to principal components analysis with 
subsequent Varimax axis rotation. Components with eigenvalues 
>1 .0 were retained for subsequent rotation and use. After rotation, • 
each case was assigned a score on each retained (and rotated) 

1 0 component. Each score indicates the extent to which the case has the 
characteristic represented by the component. 

The hypothetical data in Figure 23 A shows how strongly each 
variable (the column of the input matrix) is correlated with the 
underlying characteristic or component. For example, "region of the 
15 US" and "Family income" are highly correlated while "owns a sports 
utility vehicle" is not. 

Using results such as these plus the input data matrix, a score is 
assigned to each case indicating the extent to which they posses the 
trait, attribute, characteristic indicated by each factor or component. 
20 The hypothetical data in Figure 23B shows how strongly each case — 
a person or thing - is a member of the class, and/or possesses the 
underlying variable represented by each component. A higher score 
shows that example case 1 has more of the underlying component 1 
than does example case 3, whose score is close to zero. Components 



WO 99/24928 PCTAJS98/23648 

106 

(factors) may be bipolar with a zero point and cases whose scores 
may be positive, negative or zero. Hypothetical example case 5 has a 
negative score on this component. ( , 

This component score information may be used by the 
5 matching and classification utility 900 to define certain other classes,, 
such as "the class consisting of the top 5% of those who are 
cosmopolitan," that is, the 5% with the highest scores on example 
component 1. The original scores and/or derivative class assignments 
may be included on attribute records with attribute and/or class 
1 0 information harvested from other sources and/or through other 
processes. 

DATA HARVESTING 

Example Steps For Collecting Appliance Related Data 

Figure 24 shows example steps performed by the matching and 
1 5 classification utility 900 to collect appliance attribute data. In this 
example, an electronic appliance 100 may have certain information 
associated with it. For example, a VDE administrator 800 may 
initialize appliance 100 with certain information upon appliance 
installation. In this example, the matching and classification utility 
20 900 can collect this appliance attribute data and use it as part of a 

matching and/or classification and/or selection process. As shown in 
Figure 24, the matching and classification utility 900 may initially 
specify desired appliance attribute fields or other information 
characteristics the utility is going to collect (Figure 24, block 1 502). 



WO 99/24928 PCT/US98/23648 

107' • 

The information to be collected depends upon the purpose and use to 
which the matching and classification utility 900 is to put the 
information to. The matching and classification utility 900 may use a 
data dictionary or other mechanism for specifying the desired types of 
5 appliance information it is going to collect. 

The matching and classification utility 900 next determines 
whether it already possesses the desired information for this particular 
appliance 100 (Figure 24, block 1504). Fpr example, the information ' 
may have been previously gathered as part of a prior process. If the 

1 0 information is already available, the matching and classification 
utility 900 sends one or more events to a "create appliance attribute 
record" method to process the previously gathered data (Figure 24, 
block 1506). (In all these processes, if the appropriate method is has 
been sent previously to a VDE installation, only the associated 

1 5 administrative events necessary to activate the method need to be sent 
in the VDE container.) Alternatively, if the desired data is not already 
available ("no" exit to decision block 1504, Figure 24), the matching 
and classification utility 900 performs the other steps shown in Figure 
24 to collect the appliance attribute data. 

20 These collecting steps shown in Figure 24 may include sending 

a VDE container 152 with a "create appliance attribute record" 
method, and one or more associated administrative events to activate 
the method, to the VDE administrator 800 (Figure 24, block 1508). 
The next step (Figure 24, block 1510) may be performed by the VDE 



WO 99/24928 PCT/US98/23648 

108 

administrator 800 processing the administrative event(s) using the 
"create appliance attribute record" method to determine whether the 
administrator already has the desired information for the particular . 
electronic appliance 100. If the operation is successful ("yes" exit to 

5 decision block 1512, Figure 24), the VDE administrator 800 may 
send, to the matching and classification utility 900, a VDE container 
152 containing one or more administrative events and the appliance 
attribute record (Figure 24, block 1514). If the operation is not 
successful ("no" exit to decision block 1512, Figure 24), the "create 

1 0 appliance attribute record" method operating at VDE administrator 
800 may, in this example, collect the data directly from the electronic 
appliance 100 by sending a VDE container to the appliance, the 
container containing a "create appliance attribute record" method and 
one or more associated administrative events (Figure 24, block 1516). 

1 5 The appliance 100 may itself process the administrative event(s) 
using the "create appliance attribute record" method (Figure 24, 
block 1 5 1 8) to produce the required appliance attribute record. 
Appliance 1 00 may then send a VDE container 1 52 containing the 
appropriate administrative event(s) and the appliance attribute record 

20 to the matching and classification utility 900 (Figure 24, block 1 520). 

In another example, blocks 1 508-1 5 1 4 may be bypassed 
entirely, and the matching and classification utility 900 may 
(assuming appropriate authorizations are in place) perform block 
15 1 6 to send a container 1 52 with one or more administrative events 



WO 99/24928 PCT/US98/23648 

109 

and the "create appliance attribute record" method directly to the 
electronic appliance 100. 

Figures 25(A) and 25(B) .together show example steps 
performed by the "create appliance attribute data" method shown in 
5 Figure 24 5 blocks 1506, 1510 and 1518. , As disclosed in "Ginter et 
al", the actual processing steps are performed by one or more load 
modules associated with the method. This' example method (which, 
as explained above, may be performed by the matching and 
classification utility 900, the VDE administrator 800, the electronic 

1 0 appliance 1 00, any other electronic appliance, or a combination of 
any or all of these) first locates the site configuration record(s) 
corresponding to the electronic appliance for which appliance 
attribute data is to be collected (Figure 24A, block 1522). This site 
configuration record(s) may, for example, be stored in the electronic 

1 5 appliance secure database. The method next locates the permissions 
record for the site configuration record(s) (Figure 24A, block 1523). 
The SPE next determines, based upon the permission record(s), 
whether the method has permission to access and/or use the site 
configuration record(s) (Figure 25 A, block 1524). If the method does 

20 not have the appropriate permission ("no" exit to decision block 1524, 
Figure 25 A), the protected processing environment 154 reports the 
failure and reason for the failure, and the method writes an associated 
audit record (Figure 25 A, block 1525, 1526) and goes on to process a 
user configuration record(s). On the other hand, if the method does 

25 have permission to use the site configuration record(s) ("yes" exit to 



WO 99/24928 PCT/US98/23648 

110 

decision block 1524, Figure 25A) 5 the method copies the required 
fields from the site configuration record(s) to create an appliance 
attribute record, and may then write an appropriate audit record 
(Figure 25 A, block 1527). 

5 , After completing processing of site configuration records, the ( 

method then locates the user configuration record(s) corresponding to 
the electronic appliance for which appliance attribute data is to be 
collected (Figure 25B, block 1 528). This user configuration record(s) 
may, for example, be stored in the electronic appliance secure 

10 database. The protected processing environment 154 next locates the 
permissions record for the user configuration record(s) (Figure 25B, 
block 1529). The protected processing environment 154 determines 
next, based upon the permission record(s), whether it has permission 
to access and/or use the user configuration record(s) (Figure 25B, 

1 5 block 1 530). If the method does not have the appropriate permission 
("no" exit to decision block 1530, Figure 25B), the protected 
processing environment 154 reports the failure and reason for the 
failure, and the method writes an associated audit record (Figure 25B, 
block 1531,1 532) and exits the process. On the other hand, if the 

20 method does have permission to use the user configuration record(s) 
("yes" exit to decision block 1 530 } Figure 25B), the method copies 
the required fields from the user configuration record(s) to create an 
appliance attribute record, and may then write an appropriate audit 
record (Figure 25B, block 1 533). The method may then, if desired, 

25 create a new permissions record corresponding to the appliance 



WO 99/24928 PCT/US98/23648 

111. 

attribute record (Figure 25B, block 1534). If a new permissions 
record is desired, the method may include appropriate "shared 
secrets/' expiration interval(s), and/or other data in an associated 
MDE to, for example, provide a basis for controlling access, use, and 
5 modification of the permissions record. 

Figures 26A-26C show examples of appliance attribute records . 
created by Figure 25B, block 1 532. Figure 26A shows an example 
appliance attribute record that may include, for example, an appliance ■ 
identification field 1536(1) and any number of attribute fields 

10 1538(1).. .1538(n). Figure 26B shows a more specific appliance 

attribute record example including an appliance ID field 1536(1), an 
operating system field 1538(A), a country field 1538(B), a state field 
1 538(C), a VDE administrator organization field 1 538(D), a VDE 
version field 1538(E), and a VDE maintenance level field 1538(F). 

1 5 Figure 26C shows that different encodings may be used for any/all of 
the various attribute fields 1538. 

Example Steps for Collecting Demographic Data 

Figures 27A, 27B show example steps for collecting 
demographic data. In this example, the matching and classification 
20 utility 900 initially specifies demographic data fields it is interested in 
(Figure 27A, block 1 540). The matching and classification utility 900 
next determines whether the required data is already available to it 
(e.g., based on previous inquiries responded to by the user 95) (block 
1542, Figure 27A). If the required data is already available ("yes" 



WO 99/24928 PCT/US98/23648 

112 

exit to decision block 1542, Figure 27A), the matching and 
classification utility 900 may send one or more events to a "create 
demographic attribute record" method to process the data (block 
1544, Figure 27A). 

5 , On the other hand, if the required data is not available to the 

matching and classification utility ("no" exit to decision block 1 542, 
Figure 27A), the matching and classification utility may send a 
container 152 to another commerce utility system 90, the container 
including one or more administrative events associated with a 

10 "demographic data query" method and a "create demographic 
attribute record" method (Figure 27A, block 1546). The other 
commerce utility system 90 may then process the one or more events 
using the "demographic data query" method, and write an associated 
audit record (Figure 27A, block 1548). It may determine whether the 

1 5 required demographic data is available (Figure 27A, block 1550). If 
the information is available ("yes" exit to decision block 1 550, Figure 
27A), the commerce utility system 90 may process one or more 
events using a "create demographic attribute record" method in order 
to analyze the available demographic data, and write a corresponding 

20 UDE audit record (Figure 27A, block 1 552). The other commerce 
utility system 90 may then send appropriate one or more 
administrative events and the demographic data attribute record 
within a container 152 to the matching and classification utility 900 
(Figure 27A, block 1554)). 



WO 99/24928 PCTAJS98/23648 

1 13 

If the required demographic data is not available ("no" exit to 
decision block 1550, Figure 27A), the commerce utility system 90 
may send an administrative event to the matching and classification 
utility system 900 within a container 152 informing the matching and 
5 classification utility that the required data is not available (Figure 
27B 3 block 1556). The matching and classification utility 900 may 
then send a "demographic data query" method and a "create 
demographic attribute record" method within a container 152 (along 

i 

with appropriate administrative events to activate such methods) 
1 0 directly to the user 95 about which demographic information is to be 
collected (Figure 27B, block 1558). The user's electronic appliance 
100 may, in response, process the one or more events using the 
"demographic data query" method, which may write an associated 
audit record (Figure 27B, block 1560). If the required data is not 
1 5 collected ("no" exit to decision block 1 562, Figure 27B, the user's 
appliance 100 may send a "failure" message associated with the 
appropriate administrative event to the matching and classification 
utility 900, and write an associated audit record (Figure 27B, block 
1564, 1566). If the required demographic data is successfully 
20 collected ("yes" exit to decision block 1562, Figure 27B), the user's 
electronic appliance may process one or more events using the "create 
demographic record" method supplied by step 1558, which may write 
an associated audit record (Figure 27B, block 1 568). The electronic 
appliance may then send appropriate administrative events and the 



WO 99/24928 PCT/US98/23648 

114 

demographic attribute record to the matching and classification utility 
within one or more containers 152 (Figure 27B, block 1570). 

Figure 28 shows an example questionnaire "pop-up" screen that . 
may be displayed by the user's appliance 1 00 as a result of processing 
5 events using the "demographic data query" method of block 1 548, 
Figure 27A, and/or block 1560, Figure 27B. In this example, 
information is collected directly from a user 95 by displaying a 
questionnaire on a display device that is part of the user's appliance 
100. The questionnaire may ask for various demographic information 
10 such as: 

• name 

• address 

• city 

• state 

15 • zip code 

• gender 

• date of birth 

• education level 

• marital status 

20 • number of children 



WO 99/24928 PCT/US98/23648 

115' ' 

• age of first child 

, • . gender of first child 

• other information 

* i 
The user is requested to provide the information by filling in the 

5 various fields within the questionnaire, The questionnaire may assure. 

the user that all information the user provides will be treated as 

confidential, by, for example, disclosing the rules that will be > 

associated with access to and use of the information. 

Steps similar to those shown in Figure 25A, 25B may be 
performed to create a demographic attribute record based on the 
results of a demographic data query. Figure 29A-29C show examples 
of different user demographic attribute information records resulting 
from this process. Figure 29A shows an example demographic 
attribute record 1572 including a user ID field 1574 and any number 
of attribute fields 1576(1), ... 1576(n). Figure 29B shows a more 
specific example of a demographic attribute record including, for 
example, a user ID number 1574, a gender attribute field 1 576(A), an 
age field 1576(B), a highest educational level field 1576(C), a 
citizenship field 1576(D), a country of residence field 1576(E), a 
district field 1576(F), a city field 1576(G), and a street address field 
1576(H). Figure 29C shows a different detailed encoding example 
for demographic attribute record 1572-1 . 



WO 99/24928 PCT/US98/23648 

116 

t 

Example Steps for Collecting Psychographic Data 

Figure 20 shows example steps that may be performed to 
collect user psychographic data. In this particular example, the. 
matching and classification utility 900 initially specifies desired 

5 psychographic data it requires in order to perform a particular 
classification/matching process (Figure 30, block 1580). The 
matching and classification utility 900 determines if the required data 
is already available to it (Figure 30, block 1582). If the required data"' 
is already available ("yes" exit to decision block 1582, Figure 30), the 

1 0 matching and classification utility 900 sends one or more events to a 
"create psychographic attribute record" method in order to analyze the 
available data and provide appropriate psychographic attributes 
(Figure 30, block 1584). If, on the other hand, the required data is not 
available to the matching and classification utility 900 ("no" exit to 

1 5 decision block 1582, Figure 30), appropriate steps are performed to 
collect the required data. In this example, the matching and 
classification utility 900 may send a "psychographic data query" 
method and a "create psychographic attribute record" method within 
one or more containers 152 (along with appropriate administrative 

20 events to activate such methods), to appropriate repositories that may 
contain the required data (Figure 30, block 1586). If the required data 
is available from the repositories ("yes" exit to decision block 1588, 
Figure 30), then an electronic appliance at the repository (in this 
example) processes one or more events using the "create 

25 psychographic attribute record" method supplied by block 1 586 in 



WO 99/24928 PCT/US98/23648 

1 17 

order to generate an appropriate attribute record(s) containing the 
attribute information the matching and classification utility 900 is 
interested in (Figure 30, block 1590). This information, and 
associated one or more events, may be sei>t to the matching and 
5 classification utility 900 within one or more containers 1 52 (Figure 1 
30, block 1592). 

If the required data is not available from the repository ("no" 
exit to decision block 1 588, Figure 30), then the repository may send ' 
a "failure" message associated with one or more administrative events 

1 0 to the matching and classification utility 900 within a container 1 52 
(Figure 30, block 1594). The matching and classification utility 900 
may, in response, send one or more administrative events, a "collect 
psychographic data" and "create psychographic attribute record" 
method directly to the user's electronic appliance 100 within one or 

15 more containers 152 (Figure 30, block 1596). The user's electronic 
appliance 100 may, in turn, process the events using the "collect 
psychographic data" and "create psychographic attribute record" 
methods (Figure 30, block 1598, 1600), and send the resulting 
attribute data record(s) to the matching and classification utility 

20 (Figure 30, block 1592). 

Figure 31 shows an example psychographic questionnaire 
"pop-up" screen that may be displayed to the user 95 upon 
performance of Figure 30, block 1598. This questionnaire may 



WO 99/24928 PCT/US98/23648 

118 

collect various psychographic information from the user, including 
for example: 

• mood information 

• emotion information 
5 • habit information 

• behavioral information- 

• cognitive information 

• medical information 

• physical information 
10 • patient information 

• counseling information 

• aptitude information 

• testing information 

• other information 

1 5 • combinations of types of information. 

The questionnaire may inform the user that all information collected 
will be treated as "confidential/' and may also, if desired, indicate that 
the user will be compensated for providing the information. 



WO 99/24928 PCT/US98/23648 

1 19 

Figures 32A-32C show some example user psychographic 
attribute information records 1602 that may be created by Figure 30, 
block 1584, 1590 and/or 1600. Figure 32A shows that a 
psychographic attribute record 1602 may include a user ID field 1604 

5 and any number of attribute fields 1606(1), ... 1606(n). Figure 32B • 
shows a more detailed user psychographic attribute record 1602 
example including a user ID field 1604, a field 1606a indicating 
whether the user.is introverted or extroverted, a field 1606b indicating 
whether the user is a sensing or intuitive person, a field 1606c 

1 0 indicating whether the user is primarily a thinking person or a feeling 
person, a field 1606(d) indicating whether the user is primarily a 
judging person or a perceiving person, and a field 1606(e) indicating 
an overall psychographic / behavioral profile such as, for example, 
the iVALS standard provided by SRI. Figure 32C shows a different 

1 5 kind of encoding (in this case, binary) for the various attributes 1 606. 

Example Method for Determining Attributes Based 
on Available Rules and Consequences 

Figure 33 shows an example method for determining attributes 
based on available rules and consequences. The matching and 

20 classification utility 900 may first send one or more administrative 
events and a "send permission records" method request to an 
electronic appliance 100 within one or more containers 152 (Figure 
33, block 1610). In response, the appliance may process the events 
using the method, which may write an associated audit record (Figure 

25 33, block 1612). If this step is performed successfully ("yes" exit to 



WO 99/24928 



120 



PCT/US98/23648 



Figure 33, decision block 1614), the appliance sends appropriate 
administrative events and the requested permission records to the 
matching and classification utility 900 within one or more containers 
152, and the method writes an associated audit record indicating it has 

5 performed this transaction (Figure 33, block 1616). The matching 
and classification utility may process events using a corresponding 
"create attribute record from permission records" method to obtain 
attributes from these provided permission records (Figure 33, block 
1618). If the step of block 1612 failed (as indicated by the "no" exit 

10 to decision block 1614, Figure 33), the method may send a "failure" 
message to the matching and classification utility 900, and write an 
associated audit record (Figure 33, block 1620). 

Figure 34 shows a variation on the Figure 33 example in which 
the appliance 100 rather than the matching and classification utility 
1 5 900 creates the rules attribute record based on a "create rules attribute 
record from permissions records" method supplied by the matching 
and classification utility, and then sends the rules attribute record to 
the matching and classification utility (see Figure 34, blocks 1622, 
1624). 

20 Example Method to Construct Attribute Records 
from Permissions Records 

Figures 35 A, 35B show example steps for constructing attribute 
records from permissions records. The steps shown in Figure 35A, 
35B may, for example, be performed as part of the method shown in 
25 block 1618 of Figure 33. 



WO 99/24928 PCI7US98/23648 

In this example method 1618, the matching and classification 
utility 900 may first check relevant permissions to ensure that it has 
the authority to perform the desired transactions (Figure 3 5 A, block 
1630). For example, the matching and classification utility 900 may 

5 examine a permissions record about the permissions records it has 

i ■ 

i 

collected, this permissions record it is examining indicating what 
entities have authority to perform operations with respect to the 
permissions-record to be analyzed. Presuming the matching and 
classification utility 900 has the appropriate permission, it opens a 

10 permissions to be analyzed (Figure 35 A, block 1632), and performs a 
sequence of steps 1634-1650 to extract relevant information from the 
permissions record. For example, information from the permissions 
record header can be copied into the attribute. record (Figure 35 A, . 
block 1634), and then the method may locate the rights record header 

1 5 (block 1636, Figure 35A). Information from the rights record header 
may be copied into the attribute record (block 1638, Figure 35A), 
along with the identifier for the corresponding right(s) (blocks 1640, 
1 642, Figure 3 5 A). The process may then recursively locate and 
harvest data from each method header contained within the rights 

20 record (blocks 1644, 1646, 1648, Figure 35B). The process may 
recursively repeat steps 1 638-1648 for each rights record within the 
permissions record (as tested for by decision block 1 650, Figure 
35B). Finally, the entire process of steps 1632-1652 may be 
performed recursively for multiple permissions records to harvest the 



WO 99/24928 PCT/US98/23648 

122 

appropriate rules and consequences information from each of a 
number of permissions records (see decision block 1652, Figure 35B). 

Figure 36 shows example steps to perform the "check 
permissions" operation shown in Figure 35A, block 1630. In this 

5 example, the process locates the permissions record from which 
information is desired to be harvested (Figure 36, block 1660), and 
then determines whether there is a permissions record for that 
permissions record (Figure 36, decision block 1662). If there is no 
permissions record that controls that permissions record (and 

1 0 assuming that authorization or additional permission is required to 
access the permissions record from which information is to be 
harvested) (Figure 36, "no" exit to decision block 1662), the process 
reports failure, writes an audit record, and ends (Figure 36, blocks 
1 664, 1 666, 1 668). On the other hand, if there is a permissions record 

1 5 that controls access to the permissions record from which information 
is to be harvested ("yes" exit to decision block 1662, Figure 36), the 
process determines whether that permissions record for the 
permissions record enables usage by the matching and classification 
utility 900 (Figure 36, decision block 1670). If the matching and 

20 classification utility 900 does not have permission ("no" exit to 

decision block 1670, Figure 36), the process reports failure, writes an 
audit record to that effect, and ends (blocks 1672, 1674, 1676, Figure 
36)). On the other hand, if the matching and classification utility 900 
is granted permission ("yes" exit to decision block 1670, Figure 36), 

25 the process accesses and uses the permissions record for the 



WO 99/24928 PCTAJS98/23648 

123 

permissions record from which information is to be harvested (Figure 
36, block 1678). 

Figures 37A-37C show examples of attribute records 
containing information harvested from permissions records. Attribute 
5 record 1680-1 shown in Figure 37A includes a user identification 
field 1682, an object identification field 1684, and any number of 
attribute fields 1686(1), 1686(n).. The attribute record 1680-2 
shown in Figure 37B includes, as a more detailed example, a user ID 
number field 1682, an object ID field 1684, a right ID field 1686a, a 
1 0 method identifier field 1 686b, another right ID field 1 686c, and 
corresponding method type fields 1686(d), a further right ID field 
1686e and two corresponding method attribute fields 1686f, 1686g, a 
further right ID field 1686h and corresponding method attribute fields 
1686i, 1686j. 

15 Figure 37C shows a different example in coding for the Figure 

37B example attribute record. 

Example Steps for Assembling Rules and 
Consequences 

Figure 38 shows example steps for assembling rules and 
20 consequences. In this example, the matching and classification utility 
900 may send one or more administrative events and a "get user rights 
table" method within a container 152 to an electronic appliance 
(Figure 38, block 1690). The electronic appliance 100 processes the 
one or more events using the "get URT M method, which may writes an 



WO 99/24928 PCT/US98/23648 

124 

associated audit record (Figure 38, block 1692). The method then 
determines whether the associated URT records are available (Figure 
38, decision block 1 694). If the records are not available ("no," exit to 
decision block 1694, Figure 38), the method sends a failure notice to 
5 the matching and classification utility 900, and writes an associated 
audit record (block 1696, Figure 38). If, on the other hand, the URT 
records are available ("yes" exit to decision block 1694, Figure 38), 
the method packages the URT records and associated one or more 
administrative events into a container 1 52, and sends the container to 
10 the matching and classification utility 900 (Figure 38, block 1698). 
The matching and classification utility 900 may then process the 
administrative events using a "create attribute record from URT" 
method in order to extract or harvest the information from the URT(s) 
(Figure 38, block 1700). 

1 5 Figure 39 shows another example sequence of steps for 

assembling rules and consequences. In this example, the matching 
and classification utility 900 sends one or more administrative events 
and a "create attribute record from URT" method to the electronic 
appliance 100 that stores or has access to the user rights table 

20 information (Figure 39, block 1 702). The appliance then processes 
the events using the method sent to it, and the method writes 
associated audit information as it processes (Figure 39, block 1704). 
If the URT records are available and the step completes successfully 
("yes" exit to decision block 1706, Figure 39), the method sends the 

25 resulting URT attribute record(s) and one or more administrative 



WO 99/24928 / PCT/US98/23648 

125' 

events to the matching and classification utility within a container 
1 52, and writes corresponding audit information to an audit trail 
(Figure 39, block 1710). On the other hand, if an error condition 
arises either because the URT records are not available or because the 
5 method for some other reason cannot complete successfully, the 
method sends a failure notice within a container 152, and writes an 
associated audit record ("no M exit to decision block 1 706, Figure 39, 
block 1708). 

Figures 40A, 40B show example steps performed by blocks 

1 0 1 700, 1 704 to "create attribute record from user rights table." The 
method begins by checking associated permissions for the user rights 
table records (Figure 40A, block 1720). Assuming that appropriate 
user and/or group permission is available, the method next locates the 
user rights table (Figure 40A, block 1 722), and then begins 

1 5 recursively analyzing the user rights table information to harvest 
desired attribute information from it (Figure 40A, blocks 1 724 and 
following). In this particular example, the method locates the user 
rights table record (block 1724, Figure 40A, and then locates the first 
rights record header within the first user choice record within the 

20 URT record (blocks 1 726, 1 728, Figure 40A). The method copies 
rights record header information to the attribute record (block 1 730), 
and then locates the right identifier and copies that to the attribute 
record (blocks 1732, 1734). The method then recursively locates 
each method header within the user rights table right record, and 

25 copies corresponding attribute information to the attribute record 



WO 99/24928 PCT/US98/23648 

126 

(blocks 1736, 1738, 1740, Figure 40B). Steps 1728-1740 are 
performed recursively for each rights record within the user choice 
record (see Figure 40B), decision block 1742), and the above steps • 
are performed recursively for each user choice record within the user 

5 rights table (see decision block 1 744, Figure 40B). Additionally, 
steps 1 724-1 744 are performed recursively for each user rights-table 
record within the user rights table (see Figure 40B, decision block 
1 746). As a last example step, the method creates a permissions 
record that controls access and use of the attribute record it has 

1 0 created (Figure 40B, block 1 748). 

Figure 41 shows example steps performed by the check 
permissions block 1 720 shown in Figure 40A. For example, the 
sequence of steps may begin by locating a corresponding permissions 
record (Figure 41, block 1750) and then determining whether there is 

1 5 a permission record corresponding to the corresponding user rights 
table entry (Figure 41, decision block 1752). If there is no such entry 
("no" exit to decision block 1752), the method may report failure, 
write an audit record, and end (blocks 1754, 1756, 1758, Figure 41). 
If there is a corresponding permissions record ("yes" exit to decision 

20 block 1 752, Figure 41 ), then the permissions record may be examined 
whether it enables usage for the matching and classification utility 
900 (decision block 1 760, Figure 41). If the permissions record does 
not enable usage by the matching and classification utility 900 ("no" 
exit to decision block 1760, Figure 41), the method may report a 

25 failure, write an audit record, and end (blocks 1762, 1764, 1766, 



WO 99/24928 PCT/US98/23648 

127 

Figure 41). On the other hand, if the matching and classification 
utility 900 does have the required permissions to enable usage ("yes" 
exit to decision block 1760, Figure 41), the method may access the 
permissions record (if any) for the user rights table for use in 
5 controlling access to the user rights table itself (block 1 768, Figure 
41). ' 

Figures 42A-42C show example rights attributes records 1770 
that may be obtained from the processes above. The Figure 42A 
example rights attribute record 1 770-1 includes a user or group ID 

10 field 1772, an object ID field 1774, and any number of attribute fields 
1776(1), ... , 1776(n). The more detailed example rights attribute 
record 1770-2 shown in Figure 42B includes a user ID number field 
1 772, an object ID field 1 774, a right ID field 1 776a and 
corresponding method attribute field 1776b, another right ID field 

1 5 1 776c and corresponding method attribute field 1 776d, a right ID 
field 1776e and corresponding method attribute fields 1776f, 1776g, 
and another right ID field 1776h and corresponding method attribute 
field 1776L 

Figure 42C shows how the rights attribute record 1770 can be 
20 encoded numerically as opposed to using characters, as one example. 

Example Steps for Assembling Usage Audit Records 

Figure 43 shows example steps for assembling usage audit 
records for purposes of matching and/or classification. In this 
example, the matching and classification utility 900 may send one or 



WO 99/24928 PCT/US98/23648 

128 

more administrative events and a "get audit records" method to a 
VDE appliance 100 within a container 152 (Figure 43, block 1780). 
The appliance 100 may process the one or more events using tfce "get 
audit records" method, which may write an associated audit record 

5 (block 1 782, Figure 43). If the audit records are not available ("no" 
exit to decision block 1784, Figure 43), the method may send a failure 
notice within a container to the matching and classification utility 
900, and may then write an associated audit record (Figure 43, block 
1786). On the other hand, if the audit records are available ("yes" exit 

1 0 to decision block 1 784), the method may send one or more 

administrative events and the audit records within a container 1 52 to 
the matching and classification utility 900, and write an associated 
audit record (block 1788, Figure 43). The matching and classification 
utility 900 may then process the one or more administrative events 

15 using a "create attribute record from audit record" method in order to 
extract or harvest the information from the audit record it will use to 
perform matching and/or classification (block 1790, Figure 43). 

Figure 44 shows another sequence of example steps that may 
be used to assemble usage audit records for purposes of matching 

20 and/or classification. In the Figure 44 example, the matching and 
classification utility 900 sends one or more administrative events and 
a "create attribute record from audit record" method to an electronic 
appliance 100 within one or more containers 152 (Figure 44, block 
1792). The appliance 1 00 may then process the one or more 

25 administrative events using the "create attribute record from audit 



WO 99/24928 PCT/US98/23648 

. 129 

record 11 method, which may write an associated audit record (block 
1 794 5 Figure 44). The method may determine, in this process, 
whether audit records are available (Figure 44, decision block 1796). 
If no audit records are available ("no 11 exit to decision block 1796), 

5 the method may send a failure notice to the matching and 

t • * • 

classification utility 900 (Figure 44, block 1798). On the other hand, 
if audit records are available, the method may create the 
.„ corresponding usage attribute records and associated administrative 
event(s), package them into a container 152, send the container to the 
10 matching and classification utility 900, and write corresponding audit 
records (Figure 44, block 1799). 

Figures 45A, 45B show example steps for performing the 
method (shown in Figure 44, block 1 794, for example) of creating 
attribute record(s) from audit records. In this example, the method 

1 5 first locates the audit records in a secure database or other storage 
facility (Figure 45(A), block 1800). The method next selects an 
appropriate UDE audit record to analyze (Figure 45(A), block 1802), 
and determines whether a permission record is available that applies 
to this particular audit record (Figure 45(A), decision block 1804). If 

20 a permissions record is required and is not available, the process 

reports failure, writes an associated audit record, and ends (Figure 45 
blocks 1 806, 1 808, 1810). If, on the other hand, a required 
permissions record is available ("yes" exit to decision block 1804, 
Figure 45), the process determines whether the permissions record 

25 grants the device or process permission to use the audit record(s) for 



WO 99/24928 PCI7US98/23648 

130 

this particular purpose (decision block 1812, Figure 45). If such 
permission is not available ("no" exit to decision block 1812, Figure 
45A), the process reports failure, writes an associated audit recprd, • 
and terminates (Figure 45 A 3 blocks 1814, 1816, 1818). 

5 If any applicable permissions record is available and grants 

permission to the matching and classification utility 900 ("yes" exit to 
decision block 1812), the process determines multiple audit records 
need to be analyzed together as an overall event (Figure 45A, 
decision block 1820). For example, an "atomic transaction" in which 

1 0 multiple steps are performed to achieve an overall result may have 
multiple audit records (e.g., from multiple appliances 100) that may 
need to be analyzed together in order to make sense out of the overall 
transaction. As another example, an object may have subparts (e.g., 
sub-objects) on which operations can be performed - but it may be 

1 5 important for matching and/or classification purposes to analyze the 
results of such multiple operations together in order to determine 
appropriate attribute(s) for matching and/or classification. If it is 
necessary to aggregate multiple audit records together for analysis 
(decision blocks 1 820, 1822, Figure 45A), then the process proceeds 

20 to analyze those audit records together and create corresponding 
summary transaction information (Figure 45A, block 1 824). 

The process next determines whether it needs to produce 
aggregated audit statistics in order to perform the associated matching 
and/or classification operation (Figures 45A. 45B, decision block 



WO 99/24928 PCT/US98/23648 

13:1' * 

1 826). For example, multiple operations may be performed on a 
certain object. It may be important to know statistics about such 
operations (e.g., the number of times the object was opened on a 
certain day, the number of users who opened the object in a certain 
5 time period, etc.). If such aggregated statistics are required ("yes" 
exit to decision block 1 826, Figure 45B)* the process proceeds to 
create such aggregated statistics (block 1828, Figure 45B). 

The process next copies selected audit record information to an ' 
audit attribute record (Figure 45B, block. 1830). The process then 

1 0 determines whether it needs to process more audit records (decision 
block 1 832, Figure 45B). If more audit records are required to be 
processed ("yes" exit to decision block 1832, Figure 45B), control 
returns to Figure 45 A, block 1802 to select the next audit record. 
Otherwise ("no" exit to decision block 1832, Figure 45B), the process 

1 5 creates a permissions record associated with the newly created 
attribute record(s) (Figure 45B, block 1834), and completes. 

Figures 46A, 46B show example usage attributes/statistic 
records that the Figure 45A-B process may create. The Figure 46A 
attribute record 1830-1 may include, for example, a user ID 1832, an 
20 object ID 1834, and any number of attribute fields 1 836(1), ... , 
1836(n). The more detailed Figure 46B example attribute record 
1830-2 includes a user ID number 1832, an object ID 1834, a right ID 
1836a and associated method characteristic 1 836b, another right ID 
1836c and associated method 1836d and associated statistic 1836e, a 



WO 99/24928 PCT/US98/23648 

132 

further right ID 1836f and associated method attribute 1836g, another 
right ID 1 836h and associated methods 1836i, 1836j, and associated 
additional attributes 1 836k-1836o. The characteristics shown jn 
fields 1 83 6k- 1 836o could, for example, be derived from an aggregate 
5 of any number of individual audit records recording individual 
transactions associated with the object identified in field 1834: 

EXAMPLES 

The following are some non-limiting examples of how 
Matching and Classification Utility 900 may be useful in certain 
10 applications. 

Example: Matching and Classification Utility 900 
Can Support Narrowcasting or "Push" Distribution 
Models Based On Classes 

1 5 Interactions with content, transactions, and other events on the 

World Wide Web are mainly driven today by following chains of 
hypertext links, using various search engines, and/or indexes, to say 
nothing of just plain luck and persistence, to find interesting and/or 
useful content and/or services. Time consuming and generally 

20 inefficient, these search activities share in common the feature that 
each consumer must intentionally "pull" desired content from a Web 
site to their computer after successfully identifying specific content or 
services of interest at that time. The present inventions also support 
"pull" models — a topic to be addressed shortly. However, the present 



WO 99/24928 PCT/US98/23648 

133" 

inventions also support narrowcasting or "push" models of content 
distribution as well. 

In one example, the matching and classification utility 900 can 
facilitate much more automated and therefore more efficient and 
5 effective content creation, access and/or distribution services that 
"push" information and/or services to users. Example Figure 47 
shows an example "information push" model 2000 in which an 
arbitrary number of users 2001(1 )-200 1 (n) each have a VDE node 
(e.g., a protected processing environment 154) installed on their 
10 appliances. These example appliances may be of any kind, including 
computers, so-called Web television or Web-TV, DVD appliances 
with some form of backchannel, a settop box with a "back channel", 
and so on. 

Perhaps with the permission of the user or other authority, such 
15 as an administrator within an organization, the VDE node collects 

various usage information or "info exhaust" according to the rules and 
usage consequences provided by one or more value chain 
participants. At times specified by default and/or by the associated 
rules and consequences, audit records are sent, in this example, in 
20 VDE containers 2006(1 )-2006(n) to a usage clearinghouse 300, which 
in turn, may send all or a portion of these audit records in a VDE 
container 2008 to the matching and classification utility 900. The 
audit records may contain rights management information, including, 
but not limited to the amount of usage, the amount paid, if any, the 



WO 99/24928 PCT/US98/23648 

134 

payment method used, if any, VDE control sets, and/or data that 
identify various attributes of the node, user, and/or known and/or used 
object(s). The audit records may also contain information abgut 
objects known to the VDE node (objects with PERC records - see 
5 Figures 35A, 35B and associated discussions) and/or objects that have 
been used (objects with URT entries - see Figures 40A-40B and 
associated discussions) on the node. 

The matching and classification utility 900 may also receive 
from one or more providers 2010 content objects 2003 themselves, 

1 0 for example, information in text format and/or metadata 2005 
associated with content objects. Using at least one classification 
method, the matching and classification utility 900 may create at least 
one object class hierarchy, object class, object classification scheme, 
object category and/or object category scheme using at least some 

1 5 rights management information and assign at least one object to at 
least one category and/or class. 

The matching and classification utility 900 takes the usage 
information and other rights management information received from 
the VDE nodes and/or other information sources and may create at 
20 least one category and may assign at least one node and/or user to a 

cateogo^and/or class. In Figure 47, the matching and classification 

utility 900 sends a VDE container 2002 to content provider 2010 with 
information showing the classes of content used by one or more nodes 
and/or users along with a request that the provider 201 0 send similar 



WO 99/24928 PCT/US98/23648 

135 

content back to one or more users 2001 . At least one content provider 
201 0 then sends at least one VDE container 2004 to user A with 
content and/or information about available content that may be of 
interest to user A given the history of content usage as reflected in 
5 VDE audit records and/or other rights management information. In ' 

i ■ ' 

i 

this "push" example, classes of content or information about available 
content may be pushed automatically from (a class of) content 
providers to one or more members of class of users and/or nodes. 
Consequently, users do not have to search. as intensely, if at all, for 
1 0 content of interest to them. 

In this example, user A receives content that may be most like 
content the user has already used, perhaps like content used most 
frequently in the recent past. The present inventions also support the 
matching and classification utility 900 and/or content provider 
15 sending content that is in a class or classes more distant from topics 
of prior and current interest to a particular user and/or group of users. 
Certain classification methods familiar to those skilled in the arts may 
provide quantitative indicators of distance that, in turn, may be used 
as at least one criterion for selection. 

20 In another example, matching content to users and/or nodes 

may be based in part on class assignments that are in turn based in 
part on information concerning user preferences solicited by the 
matching and classification utility 900 or other value chain 
participant, such as a market research firm, advertising agency, 



WO 99/24928 PCT/US98/23648 

136 

provider, distributor, VDE administrator 800, or other Commerce 
Utility System. 

Although the matching and classification utility 900 and/or 
content provider may send "more of the same," in another example 
5 the present inventions support providers at least occasionally sending 
content more distantly related to the user's apparent interests to 
determine if the user's circle of interest might be a little larger than 
that indicated by past usage and other, related rights management 
information alone. 

1 0 In another example, providers may from time to time send 

content unrelated to the user's apparent interests that may 
nevertheless reflect the interests of persons and/or groups sharing at 
least one attribute with the user. For instance, the matching and 
classification utility 900 may, by sending a VDE container with 

1 5 appropriate user and content class information, suggest to a provider 
that user A receive content similar to content used by another member 
or members in the same group or class as user A. In one example, the 
matching and classification utility 900 may suggest sending business 
information related to a particular vertical market segment because 

20 others in the same class as user A have paid attention to that market. 

In support of various content narrowcasting or "push" models, 
the matching and classification utility 900 may provide content class 
related information to a "subject switch" or "subject mapper," which 
in turn, matches participants desiring information in one or more 



WO 99/24928 PCT/US98/23648 

137' 

specified classes with one or more sources of content in the requested 
class or classes. 

The non-limiting subject switching example 2050, Figure 47A, 
shows a number of customers 2053(1 )-20$3(n) each with an 

» 1 

5 appliance 2052(1) -2052(n) such as a personal computer. Other 
arrangements may include appliances such as a WebTV interface 
and/or an intelligent "settop box" connected to an interface device 
that uses one or more (digital) TVs for display. Still other 
arrangements may include an NC computer without a local hard disk 

10 logically connected to at least one server, a personal digital assistant 
with a network connection, and/or any other appliances with suitable 
processing, storage, and communications capabilities. 

Referring again to Figure 47 A, each customer appliance 2052 
may have a VDE secure node installation 2054 incorporating a 

1 5 protected processing environment 1 54, as described in "Ginter et al", 
and messaging services software 2058 that manages communications 
with other appliances. (In an alternative example, some appliances 
may lack secure nodes or sufficiently secure nodes, and receive 
appropriate one or more protected processing environment 1 54 based 

20 services from one or more servers and/or peers.) These appliances 
may be located in the same physical and/or logical environment, such 
as on the same local area network, and/or may be distributed across 
wide area networks such as multi-location corporate Intranets and/or 
the Internet itself. Among other tasks, messaging services 2058 



WO 99/24928 PCT/US98/23648 

138 

"listens" for messages destined for that particular appliance or for 
broadcast messages intended for at least one appliance in the set of 
appliances that receive the broadcast. In certain instances no, , 
appliance may actually be "listening." In other examples, the 

5 messaging services 2058 may incorporate delivery assurance 
capabilities that assure delivery through use of explicit or implicit 
acknowledgments of receipt combined with the ability to retransmit 
„ information that has not been acknowledged. Messaging services 
2058 may be designed such that an operator may select from one or 

10 more delivery assurance levels, for example "no receipt 

acknowledgment, " "retry n times, then notify operator if not 
received," "retry until a certain date/time, then notify operator if not 
received," "retry n times and/or until a certain date/time, no operator 
notification necessary," et cetera. 

1 5 Messaging services 2058 may use the secure node 2054 to 

package one or more messages in a VDE secure container that may 
also include one or more sets of rules and usage consequences that 
may be associated with one or more messages in the container as 
described in "Ginter et al". In this example, messaging services 2058 

20 then sends the secure container to one or more destinations using, for 
instance, TCP/IP and/or some other network protocol(s). Also, 
messaging services 2058 may broadcast a VDE container to one or 
more other customers 2053. 



WO 99/24928 PCT/US98/23648 

13;9 

In this example, a customer 2053 uses application 2060 to 
persistently request or "subscribe" to one or more particular classes of t 
content. For example, a highly detailed class might include "business 
information concerning the US market share of PC vendors, 

5 information in text format, costing less than a dollar per item, and for 1 
which the subscriber receives the right to excerpt at least one whole 
paragraph, provided that the excerpted amount constitutes less than 
. 25% of the entire item based on word count." This same and/or 
another application may also be. used to interact with instances of 

10 content in the desired class, for example, by displaying information 
on a computer screen and/or another output device in accordance with 
the rules and usage consequences associated with that item. If a user 
no longer has an interest in one or more classes, they may also use the 
same (or similar) application 2060 to "unsubscribe" from a particular 

1 5 subject, or specify further narrowing or broadening criteria to adjust 
the flow of content from one or more classes. 

Items in the desired class or classes may be available from 
more than one content source 2074(1 )-2074(n). To enhance the 
efficiency of locating content of interest to the subscriber or other 

20 participant, the matching and classification 900 may have created 

such a class definition and assigned one or more content items to that 
class. In one example, the matching and classification 900 may have 
sent one or more methods, and administrative events necessary to 
invoke the method(s), in a VDE secure container to one or more 

25 content sources 2074 where the classification methods are executed. 



WO 99/24928 PCT/US98/23648 

140 

i 

Such methods may, for example, assign content items to one or more 
classes. One or more object and/or item identifiers may have been 
transmitted to the matching and classification utility 900 along with * 
class assignments for each item. If the matching and classification 
5 utility 900 has not previously created the desired class and assigned 
items to it, in response to a request from the subject switch 205 1 , the 
matching and classification utility 900 may do so using any . 
appropriate combination of one or more such classification methods 
and procedures. The matching and classification utility 900 may may 
1 0 create at least one object class hierarchy, object class, object 

classification scheme, object category and/or object category scheme 
using at least some rights management information and assign at least 
one object, item, and/or subscriber to at least one category and/or 
class. 

1 5 Subsequent to receipt of the request and/or "subscribe" 

message from the customer 2053, the subject switch 2051 may query 
the matching and classification 900 for content sources 2074 that 
have items in the desired class or classes. The matching and 
classification utility 900 may respond with information indicating 

20 known sources of information in the desired class(es), if any. The 
subject switch 2051 may then send a VDE container to the 
appropriate content source(s) 2074 indicating that certain customers 
2053 are interested in items in the desired class and that the content 
source 2074 should send items in this class to this customer 2053 



WO 99/24928 PCT/US98/23648 

141 

and/or groups of customers, and/or include such content in broadcasts 
which may be received by such subscribers. 

The content sources 2074 may have already received class 
definitions and class assignment information from the matching and 
5 classification' utility 900 and/or may haye received from the matching 
and classification utility 900 or another party to the transaption one or 
more classification methods and associated events to invoke one or 
more of these methods to perform classification and/or class 
assignment processes. 

1 0 In one arrangement, the content source 2074 may send the 

desired items directly to the subscribing customers 2053 by using the 
messaging services 2058 and subject switch 2051 to publish each . 
item as it becomes available for distribution. In another example, the 
content source 2074 may broadcast the information such that 

1 5 subscribers' messaging services 2058 will have the opportunity to 

access the such items from a broadcast. The content source 2074 may 
call on messaging services 2058 to use the VDE secure node to 
package the item in a VDE container along with associated rules and 
usage consequences and then send that container such that one or 

20 more listening messaging services 2058 on other appliances 2052( 1 )- 
2052(n) will receive it. Based on subject information contained in the 
message header and/or in unencrypted (but optionally protected for 
integrity) areas of the VDE container, the listening messaging 
services 2058 may identify the message as belonging to a subject 



WO 99/24928 PCT/US98/23648 

142 

class it is listening for, then use the VDE node to open the container 
and view or otherwise use the item in accordance with that item's 
associated rules and usage consequences. ( , 

In another arrangement, the subject switch 2051 may be located 

•5 on each customer appliance 2052(l)-2052(n) r Using messaging 
services 2058, each subject switch 2051 may communicate with the 
matching and classification utility 900 to locate sources of content 
matching the subscribed classes. In this example, the subject switch 
2051 on the local appliance then uses the messaging services 2058 to 

1 0 communicate with one or more content sources 2074 indicating 
classes of content to which it wishes to subscribe. Using the 
messaging services 2058, one or more content sources 2074 may 
directly send and/or broadcast items in the desired classes to 
subscribing customers 2053 in VDE secure containers along with 

1 5 associated rules and consequences. In another arrangement* the 
content source 2074 may send one set of rules and usage 
consequences that apply to members of one or more item classes, thus 
potentially improving the efficiency of distribution and of rights 
management. In another example, the rules and content items may be 

20 sent in separate VDE containers. In this example, the messaging 
services 2058 and subject switch 2051 listen for messages that are 
addressed to those customers who subscribe to a particular content 
item class and makes those items available to customers using an 
application 2060. 



WO 99/24928 PCT/US98/23648 

143 

In another arrangement, messaging services 2058 and/or 
subject switch 205 1 may be installed and run on network routers, 
network switches, one non-limiting example being ATM switches, 
and other packet and/or cell switches. 

5 Example: Digital Broadcasting Based On Matching 
And Classification 

"Shear et al" discloses a Digital Broadcasting Network 
("DBN") that may function as a cooperative of Web sites and, for 
example, service providers, with a central and perhaps regional and 

10 logical (e.g., market based) headquarters groups, or it may function as 
a for profit, shareholder corporation in a business model reminiscent 
of television broadcast companies (e.g., NBC), or it may function as a 
cooperative or virtual corporation that has some mix or combination 
of mixes of the above attributes and employ distributed peer to peer, 

1 5 hierarchical, and centralized administrative business relationships and 
activities. 

In one example, plural corporations may join together to 
provide the advantages of size and coordination with individual 
participants providing some degree of specialty expertise and the 
20 body of entities coordinating together in some fashion in a "higher" 
level cooperative or corporation. 

Figure 48 shows one non-limiting example 2100 of a DBN that 
includes one or more DBN Web servers 2104(l)-2104(n) and one or 
more Web users each with VDE nodes. Users are attracted to a 



WO 99/24928 PCT/US98/23648 

144 

specific DBN server (or servers) because it provides access to 
specialized content and/or services 2108. Based at least in part on 
rights management information 21 10 collected from DBN servers, for 
example, controls associated with the most frequently requested 

5 information, the matching and classification utility 900 creates 
categories of content (and/or services) and assigns DBN servers to 
one or more classes according to their special ization(s). The matching 
and classification, utility 900 may may create at least one class 
hierarchy, class, classification scheme, category and/or category 

1 0 scheme using at least some rights management information and assign 
at least DBN server and/or at least some information to at least one 
category and/or class. 

For example, one DBN server may specialize in consumer 
sports information while another may specialize in legal information. 
1 5 DBN servers may specialize in plural content (and/or service) areas. 
This class and class assignment information is provided to DBN 
servers, to content (and/or service) providers, or both. 

The matching and classification utility 900 in one example 
sends VDE containers 21 12 to content sources 2102 indicating 
20 specific classes of content that should be sent to one or more DBN 
servers 2104. Using this information, content providers 2 102(1 )- 
2012(n) then send content in these categories in VDE containers 2106 
that match the categories of most frequently hit and/or consumed 
content on a DBN server 21 04(1 )-2 1 04(n). (In another example, 



WO 99/24928 PCTYUS98/23648 

145' -' ■ 

other information may be used as the basis of classification, 
matching, and selection.) For instance, the matching and classification 
utility 900 sends a VDE container 21 12(2) to content source 2102(1) 
with instructions to send content in categories 1,11, and 1 5 to DBN 
5 server 1 (2 1 04(1 )). This content may, in turn, be sent to one or more , 
consumers in VDE containers 2108(1), £ 108(3). 

In one aspect, this example process is analogous to hard goods 
'^manufacturers and distributors keeping Wal-Mart shelves stocked 
with those items in greatest demand based on point of sales and 

10 inventory data. One difference, of course, is that in this example, the 
DBN server is stocked with intangibles in the same or similar class as 
the intangibles sold rather than providing replacements for hard goods 
that have been sold off the shelf In another example, a DBN server 
may send its classification data to content providers along with a 

1 5 request that they send more of the same. The request may be sent 
independently of the class information. 

In another example, the matching and classification utility 900 
may receive content and/or rights management information from 
providers and go on to create classes of content and/or content 
20 providers in which the classes may be partly defined using rights 

management data. Content on one class may, among other things, be 
distinguished from content in another class by price, payment 
methods, usage opportunities (e.g., available for printing, available 
for viewing pay-per-use), usage consequences, and/or specific 



WO 99/24928 PCT/US98/23648 

146 

i 

permissions. The matching and classification utility 900 may 
subsequently send a communication, perhaps in a VDE container, to 
providers indicating that they send content in one or more specified . 
classes to at least one DBN server. 

5 Non-limiting example Figure 48 shows that the DBN 2 1 00 ma^ 

consist of video 2202 and/or audio 2203 content providers who send 
certain categories of video and/or audio content 2206 to DBN servers 
2204(1 )-2204(n) based on the categories of content each server may 
specialize in, which, in turn, may be determined at least in part on 

1 0 frequency of usage and/or other rights management information sent 
in VDE containers 2213 to the matching and classification utility 900, 
or to a usage clearinghouse 300 and then to a matching and 
classification utility 900. (In another example, other information, may 
be used as the basis of classification, matching, and selection.) The 

1 5 matching and classification utility 900 sends VDE containers 22 1 2 to 
content sources indicating that they should send content in specific 
categories 2206 to specific DBN servers 2204. In turn, each DBN 
server 2204(1 )-2204(n) delivers video 2208 and/or audio 2209 in 
VDE containers to parties interested in such content. In another 

20 example, a VDE container may hold both video and audio and/or any 
other content type. 



WO 99/24928 PCTAJS98/23648 

147 

Example: Matching and Classification Utility 900 
Can Also Support "Pull" Distribution Models Based 
On Classes 

Notwithstanding the noted trend toward "push" content 
5 delivery models, the present inventions also enhance the efficiency, 
focus, specificity, and convenience of cpntent "pull" models. In one 
example 2300 (Figure 49), the matching and classification utility 900 
sends in VDE containers 2306(1 )-2306(n) at least one administrative 
event and/or associated method that pierforms classification and/or 
10 class assignments to a VDE-aware appliance. The administrative 
events and method(s) are processed under the control of the VDE 
node. In one example, the results of processing the classification 
method may indicate at least one class of content and/or services of 
interest to a user and/or node. The classification method may also 
1 5 create at least one class hierarchy, class, classification scheme, 
category and/or category scheme using at least some rights 
management information and assign at least one service and/or at 
least some content to at least one category and/or class. 

Subsequently, a VDE container 2308 may be sent to a provider 
20 2302 with information indicating at least one class of content, 

services, transactions, rules and/or usage consequences, such as the 
ability to modify, excerpt and/or reformat, and/or events and a request 
that that the provider send content and/or pointers to services that 
meets the stated criteria and/or descriptive information about such 
25 content, services, transactions, and/or events to the requesting user 



WO 99/24928 PCT/US98/23648 

148 

and/or node. The request may, for example, be initiated explicitly by 
the user and/or node or may be initiated by the node accordingto one 
or more administrative events and associated methods and/or control 
sets. In turn, the content provider 2302 sends a VDE container 2304 
5 to the requesting user 2306(1) with content-that matches the desired 
selection criteria and/or profile. 

The user may elect to use, consume, purchase, and/or rent one 
or more content objects (or use one or more services). As this one 
example shows, the user pulls in content and/or interacts with services 
1 0 by matching at least one class indicating user preferences with at least 
one class of content objects and/or services and/or transaction types. 

Example: The Enterprise Distributed Matching And 
Classification Utility 

Businesses and other organizations may be concerned with 
1 5 privacy and confidentiality regarding information and/or services 
used within the company. This concern may be manifest regardless 
of whether the information and/or services originated inside and/or 
outside the organization. Thus some organizations may have strong 
incentives to take advantage of the present inventions by operating a 
20 distributed matching and classification utility 900 to provide 

matching and classification services within the enterprise while at the 
same time maintaining a higher degree of confidentiality and privacy 
by selecting and/or limiting the nature, range, and detail of 
information sent outside the organization. 



WO 99/24928 PCT/US98/23648 

149 

Figure 50 shows an example 2400 of an entity 2406 that has 
one or more VDE enabled appliances and users 2420(1 )-2420(5) on a t 
corporate Intranet 241 8. These appliances may be, for example, 
computers, workstations, mainframes, or more specialized devices, 

5 such as supercomputers and/or graphics workstations for animation - 

i * 

and special effects. The company may also operate internally one or 
more Commerce Utility Systems, perhaps including a financial 
clearinghouse 200, a usage clearinghouse 300, and a matching and 
classification utility 900. The company may also operate at least one 

1 0 content server 24 1 4. These commerce utility systems and servers are 
also connected to the company Intranet 2418. The company 2406 
also maintains one or more connects to the Internet 2402. (In another 
example the company may maintain connections to at least one 
private network operated by themselves and/or another party in 

1 5 addition to, or instead of one or more connections to the public 
Internet.) The content server(s) may provide access to internal, 
proprietary company information and/or to external, often 
commercial information. The internal content server may act as a 
gateway to external providers 2404(A)-2404(C) and/or may host 

20 commercial content locally on a content server 2408. 

In one example, VDE audit records and/or other rights 
management information are sent in VDE containers 2412 from one 
or more VDE nodes 2420 to the enterprise usage clearinghouse 300 
which may forward at least some of this usage information in VDE 
25 containers 241 0 to the enterprise matching and classification utility 



WO 99/24928 PCT/US98/23648 

150 

900. The enterprise matching and classification utility 900 may also 
collect from internal information sources 2414 information in 
addition to audit and rights management information, such as ( t 
information in a human resources, accounting, and/or budgeting 

5 database containing data about company employees. These data may 
indicate, in one example, titles and responsibilities within the . 
company, budgets allocated for external information and/or services, 
authority to spend, and budget remaining. The budget and financial 
information may have come in part from the financial clearinghouse 

10 200. The matching and classification utility 900 may also create at 
least one class hierarchy, class, classification scheme, category and/or 
category scheme using at least some rights management information 
and assign at least service and/or at least some content to at least one 
category and/or class. 

1 5 In one example, using at least some VDE rights management 

data, for example, whether certain information can be viewed by 
anyone, by any employee, or only by employees in certain job 
classes, such as "manager," the enterprise matching and classification 
utility 900 creates one or more categories and assigns one or more 

20 employees and/or VDE nodes to one or more topic categories. These 
categories may, for example, indicate content and/or service topics, 
subjects, and/or content areas of potential interest to each employee 
and/or groups of employees sharing at least one attribute in common, 
for example, similar interests and/or responsibilities. 



WO 99/24928 PCT/US98/23648 

In turn, the enterprise matching and classification utility 900 
sends to at least one external content and/or service provider 2404 on 
Internet 2402 one or more VDE containers 2424 with information that 
indicates categories of interest. The content providers 2404 may 
5 themselves be specialized; in one example, a content provider may 
specialize in general business and financial news while another may 
specialize in scientific, medical, and/or technical information. In 
another_.example, a single content and/or service. provider may 
provide an extremely broad range of content and/or services. 

1 0 The external provider may send at least one VDE container 

2422(1) with content and/or rules and consequences and/or metadata 
about content and/or services to a content server internal to the 
enterprise. In another example, such VDE container(s) 2422(2) may 
be sent directly to an employee and/or one or more groups of 

15 employees. The information sent by the external provider is tailored 
to, or in some way responsive to the content and/or service categories 
requested by the enterprise matching and classification utility 900. 

In another example, the enterprise matching and classification 
utility 900 itself may be a distributed commerce utility implemented 
20 on more than one computer and/or other appliance within the 

enterprise. These several matching and classification utility 900s may 
serve different geographic areas and/or may themselves specialize in 
particular content and/or service areas. 



WO 99/24928 PCT/US98/23648 

152 

In another example, the enterprise matching and classification 
utility 900 send class and/or class assignment information to a 
matching and classification utility 900 in another organization that, in' 
turn, may be part of a common value chain. 

5 Example: Chain of Handling and Control Entails 
Class-based Rules and Usage Consequences 

VDE-based value chain management or "chain of handling and 
control" disclosed in "Ginter et aF'^nables, amongst other things, 
plural parties to independently contribute rules and usage 
1 0 consequences under the authority and/or control of more senior or 
prior participants in the value or distribution chain. Class-based rules 
may play a role in the efficiency and effectiveness of creating, 
operating, and/or extending value chain processes. 

Figure 51 A shows an example 2500 of a publisher ABC 2502 
1 5 using a VDE packaging application 25 1 0 to put into a VDE secure 
container 2512 sets of rules and usage consequences that may vary 
according to class. In this non-limiting example, the class is "content 
type." The publisher may have rights in a wide variety of content and 
content types. Consequently, the publisher may create rules for text 
20 objects that may differ from rules for audio objects. 

The publisher 2502 sends the class-based rules and usage 
consequences to a first creator 2504 who also has installed VDE on 
her or his appliance 2516 and who has also been given one or more 
certificates and/or other digital credentials by the publisher (and/or 



WO 99/24928 PCT/US98/23648 

153' ' 

trusted third party) indicating that he is indeed a creator authorized by 
the publisher 2502. The publisher has included rules that allow only 
authorized value chain participants to package content using publisher 
provided rules and/or to modify, enhance, extent, and/or change some 
5 or all of the publisher's rules. 

The first creator 2504 then uses a VDE packaging application 
25 1 0 to package an image he has created irt a VDE container 25 14 
according to the rules provided by the publisher and with the addition ' 
of the creator's own rules. In one example, the first creator 

1 0 contributes rules that implement a one-time 50 cent charge to the 
consumer for opening and viewing the creator's image. The creator 
may also contribute rules reflecting his wish to receive audit records 
with information concerning the consumer and/or context in which 
the image was used. These creator rules and usage consequences are 

1 5 contributed generally independently of the rules and usage 

consequences contributed by the publisher. Note that the VDE 
container 25 14 now holds at least the publisher's 2502 rules for each 
object class, the first creator's image and his associated rules and 
usage consequences. 

20 A second creator 2506 receives the VDE container from the 

first creator and using a VDE packaging application 251 6 adds a text 
file to the container 2520 along with her rules and usage 
consequences. As before, she also has a certificate and/or other 
digital credential(s) identifying her as authorized by publisher ABC to 



WO 99/24928 PCT/US98/23648 

154 

add and/or modify content and rules and usage consequences. As in 
the case of the first creator 2504, she adds her text and rules and 
usage consequences generally independently of controls contributed • 
by prior participants. She may, in one example, prevent printing of 
5 the text and charge $1 .00 the first time a consumer opens and views 
the text. 

The VDE container 2508 now holds text and rules and usage 
~ consequences contributed by creator 2 (2506), an image and rules and 
usage consequences contributed by creator 1 (2504), and the class 
1 0 based rules (and perhaps other rules as well) contributed by example 
publisher ABC 2502. 

Creator 2 (2506 sends the VDE container 2508 to publisher 
ABC 2502 who then sends the container 2522 directly and/or 
indirectly to consumers. When the consumer uses the content, the 
1 5 rules and usage consequences of all three value chain participants 
(and of other possible participants as well, distributors and 
repackages, for example) are applied. 

Example 2600, Figure 5 IB shows that the publisher 2602 may 
have sent a VDE container 2612 with various rules and usage 
20 consequences to a matching and classification authority 900 who may 
classify the rules and send the rules and their class assignments to a 
rights and permissions clearinghouse 400. The matching and 
classification utility 900 may also create at least one class hierarchy, 
class, classification scheme, category and/or category scheme using at 



WO 99/24928 PCT/US98/23648 

135* " 

least some rights management information and assign at least one rule 
to at least one category and/or class. 

An authorized first creator 2604 may send a VDE container 
261 7 to the rights and permissions clearinghouse 400 asking for rules 
5 in the class n rules for authorized creators, for image objects, from 
publisher ABC. 1 ' The rights and permissions clearinghouse 400 
returns a VDE container 2614 with.rules in the requested class. The 
first creator 2604 uses a packaging application 261 6 to package his ' 
image using these rules plus rules and usage consequences reflecting 
10 his rights and wishes and sends the VDE container 2614 to the second 
creator 2606. 

The second creator 2606 also sends a VDE container 2619 to 
the rights and permissions clearinghouse 400 asking for rules and 
consequences in the class "rules for authorized creators, for text 

1 5 objects, from publisher ABC." The rights and permissions 

clearinghouse 400 returns a VDE container 2621 with rules and 
consequences in the desired class. The second creator 2606 uses a 
packaging application 2618 that determines that she is a creator 
authorized by publisher ABC 2602 and goes ahead and adds her text 

20 object and her rules and consequences to the VDE container 2608, 
which is then sent to the publisher ABC 2602 for further 
augmentation, vending, and/or distribution to other value chain 
participants. 



WO 99/24928 PCT/US98/23648 

156 

Example: Secure Directory Services May Provide 
Class And Class Assignment Information 

Whole industries have arisen to target communications to 
individuals, organizations, groups, and/or other classes sharing at 

5 least one common attribute, and/or to provide directories from which 
others can locate individuals, organizations, groups, and/or other 
classes. Examples of these industries include direct marketing, 
advertising, yellow and white pages directories, directories of 
directories, and various electronic and paper membership lists and 

10 professional directories. 

In addition to identifying information such as names, e-mail 
addresses, physical mailing addresses, phone numbers, fax numbers, 
and/or similar attributes, the. secure directory services 600 may also 
provide information about class membership(s) for individuals, 

15 devices, services, groups, and/or organizations. The non-limiting 
example 2700 shown in Figure 52 includes a secure directory service 
600 that has received class and class assignment information for one 
or more individuals 2716(l)-2716(n). The class assignment 
information is shown in the bottom four rows of the directory record 

20 2718(1) for one individual. 

In this example, a content provider 2702 sends a VDE 
container 2704 to a secure directory services 600 asking whether the 
service can provide a list of individuals in class "AF." The requested 
class could be any class defined by one or more attributes and may be 
25 based on usage profiles that include rights management information, 



WO 99/24928 PCMJS98/23648 

157*' • 

non-exhaustive examples of which include price, payment methods 
accepted, permitted operations, meters, and privacy controls. 

The secure directory services 600 returns to the content 
provider in a VDE container 2706 an indication that there are 
5 presently 57 individuals known to that service in class "AF." In turn, 
the content provider 2702 sends a VDE container 2708 with at least 
one piece of content and/or rules and usagfe consequences back to the 
secure directory services 600 along with instructions requesting that ' 
the secure directory services 600 forward the content and/or control 
10 sets to each of the 57 members of class "AF" who might be interested 
in this piece of content. The secure directory services 600, in turn, 
forwards the content and/or controls (in VDE containers 2714(1)- 
2714(n)) to members of class "AF," who may elect to interact with the 
content in accordance with their associated rules and consequences. 

15 In another example, the secure directory service 600 may send 

identifying information 2710 directly to the content provider 2702 
who may then send content 2712 in one or more classes directly to 
one or more members 27 1 6( 1 )-27 1 6(n) of the class. The secure 
directory services 600 may, for example, include permissions for the 

20 class information that have expiration dates and/or limits on the 
number of times the information can be used. 



WO 99/24928 PCT/US98/23648 

158 

Example: Matching And Classification Utility 900 
Supports Class-Based Micro-Merchandising And 
Micro-Segmented Sales Processes 

The present inventions may be used in support of services as 
5 well as content distribution based business. Example 2800 (Figure 
53) shows a travel company 2801 sending a VDE container 28 1 0 to a 
matching and classification utility 900 requesting information on 
those individuals who may be interested in certain combinations of 
leisure-time activities. These classes might have been defined at least 

10 in part on the basis of usage and other rights management information 
2816, for example, the kind of leisure-time information recently 
looked at, for how long, and/or its cost, and/or the kind of Web sites 
recently frequented, sent from consumer VDE nodes 2802(1 )-2802(n) 
to the matching and classification utility 900, and/or to a usage ■ 

1 5 clearinghouse 300 who, in turn, sends at least some of the usage 

information (or a summary form of such information) to the matching 
and classification authority 900. Classes may also be defined using 
information gathered directly from the consumer 2818, perhaps under 
the control of VDE. The matching and classification utility 900 may 

20 also create at least one class hierarchy, class, classification scheme, 
category and/or category scheme using at least some rights 
management information and assign at least one consumer, service, 
and/or at least some information to at least one category and/or class. 

Example Figure 53 shows that a consumer 2802(1) has recently 
25 indicated a preference and/or interest in skiing, music, and flying to 



WO 99/24928 PCT/US98/23648 

159 

Colorado. Another consumer 2802(n) has indicated a preference for 
and/or interest in surfing Hawaii. These preferences may be 
determined at least in part on the basis of rights management 
information. In response queries sent in one or more VDE containers 
5 2810 from the travel company asking for interest and preference . 1 
information, the matching and classification utility 900 returns one or 
more VDE containers 2812 with identifying and class information. 
The travel company may send information about already existing 
vacation packages and/or packages specially created to meet the 

10 specific interests of one or more individuals, for example, information 
about skiing in Colorado, and rock concerts 2604 to consumer 
2802(1) and information 2614 about surfing Hawaii to consumer 
2802(n). The recipients may send VDE containers 2806 to the travel 
company 2801 indicating agreement to buy the package offered or 

1 5 may request additional information or may negotiate terms and 
conditions such as price, departure date, insurance, and the like. 
These negotiations may be conducted using the inventions described 
in "Ginter et al", Figures 75A-76B using VDE negotiations. 

Both services and/or hard goods may be offered to particular 
20 persons, nodes, groups, and/or entities based on the class membership 
of the potential purchaser and the class membership of the goods 
and/or services to be purchased. Thus in another example, the travel 
company could have included the purchase and/or rental of the skis or 
of the surfboard. 



WO 99/24928 PCT/US98/23648 

160 

Example: Matching And Classification Utility 900 
Supports Trading in Hard Goods 

Business to business trading in goods and/or services may be f 
substantially facilitated through services provided by the matching 
5 and classification utility 900. Information on-certain classes of goods 
and services may be delivered to certain people, groups, or entities 
based on the class membership of the recipient. In one example, these 
various class memberships may be determined using control set and 
audit information regarding trading preferences and/or transaction 
1 0 patterns. In another example class membership may be determined 
by actions and/or information provided by at least one value chain 
participant. 

Example 2900 (Figure 54) shows a buyer A 2904 sending a 
VDE container 2908 to a trading company 2902 with a request asking 

1 5 if trading company will sell company A one or more desired items. 
Trading company 2902 may then send a VDE container 2910 to a 
matching and classification utility 900 with a query asking who can 
supply the desired items under terms and conditions that are also 
included in the container. Since these terms and conditions may be 

20 the subject of negotiations, they may be in a format conducive to 
VDE-based negotiations as described in "Ginter et al" Figures 75A- 
76B. 



25 



The matching and classification utility 900 may send inquiries 
2910 to one or more suppliers 2906(A)-2906(N) and/or may have 
already received information and/or associated control sets from 



WO 99/24928 PCT/US98/23648 

161 

suppliers in VDE containers 2912. Based on the request from trading 
company 2902 and supplier 2906 information obtained 2912, the 
matching and classification authority 960 returns a VDE container 
2916 indicating that in this one example, suppliers A 2906(A) and Z 
5 2906 (N) can provide goods in the class(es) defined by trading 
company's 2902 request(s) 2910. In turn, trading company 2902 
sends at least one VDE container 2918 to buyer A 2904 indicating 
that they will sell buyer A the previously requested items under the 
enclosed terms and conditions. In another example, there may be 
1 0 some VDE-based (see "Ginter et al", Figures 75 A-76B) negotiations 
between the various parties in this value chain, including between 
trading company 2902 and buyer A- 2904. 

In another example, buyer A 2904 may consult the matching 
and classification authority 900 directly and may then purchase 
15 directly from one or more suppliers 2906. 

Example: Matching And Classification Utility 900 
Supports Securities Trading/Brokering 

In addition to hard goods, the matching and classification 
authority 900 may also support securities trading. Example 3000, 

20 Figure 55, shows the matching and classification authority 900 
sending to a VDE-aware appliance with one or more stock trading 
related applications 3004 a VDE container 3010 with an 
administrative event and method (as described in "Ginter et al") for 
classifying equities related information, including, as non-limiting 

25 examples, current and historical price, volume, and index 



WO 99/24928 PCT/US98/23648 

162 

information, financial performance data for publicly held companies, 
forecasts, risk management information, options and futures, and the 
like. The classification method may also utilize rights and ( . 
permissions, including access control information, permitted 

5 operations, and/of expiration times and/or dates for rights 

management information. The classification method may also. create 
at least one class hierarchy, class, classification scheme, category 
and/or category scheme using at least some rights management 
information and assign at least one element to at least one category 

10 and/or class. 

In turn, using the VDE aware appliance 3004, the stock trader 
3006 sends a smart object 3012 to at least one information source 
3002 asking for information in at least one class identified by the 
classification method. In one example, the class may be information 

15 concerning "publicly traded companies with annual revenue greater 
than S500M in the healthcare sector in which the CEO has been in 
place less than 5 and greater than 1 year and with access restricted to 
customers (rather than available to anyone) with access and use 
expiring in 90 days." The information provider(s) 3002 returns a 

20 VDE container 3014 with information meeting and/or more closely 
meeting the stated class criteria. Based upon this and other 
information, the trader 3006 may go ahead and enter an order for at 
least one trade in at least one stock 3008. In another example, the 
trader may create or obtain methods that trade automatically in certain 

25 classes of securities. 



WO 99/24928 PCT/US98/23648 

163 

Example: Matching And Classification Utility 900 
Supports Trading in Currency and Debt Instruments 

Among the classes of great value to traders are the classes of 
items whose trading maximize profits and/or minimize losses. 
5 Example 3 1 00, Figure 56, shows a trader in currency and/or debt 
instruments 31 02 sending a VDE contaiher with market and other 
financial and economic information and VDE control set information 
3 1 08 to a matching and classification authority 900 with a query 3114 

i 

asking the matching and classification authority 900 to identify the 
1 0 class of currency trades and/or debt instrument trades that maximizes 
profit and/or minimizes losses. The matching and classification 
authority 900 applies one or more ipethods to the data and returns at 
least one class definition 3112, the assignment of possible trades to 
that class 3110, and relevant control set information, such as controls 
1 5 indicating who may see the information, and those that prevent 
unauthorized modification of the information. The matching and 
classification authority 900 may also return methods for executing the 
trade. The matching and classification utility 900 may also create at 
least one class hierarchy, class, classification scheme, category and/or 
20 category scheme using at least some rights management information 
and assign at least some trading information to at least one category 
and/or class. 

The example trader 3102 examines the recommendation and 
sends VDE containers 31 1 8 (A, B) with trade methods and control 
25 sets to a foreign exchange market 3 1 04 and/or to a debt instrument 



WO 99/24928 PCT/US98/23648 

164 

market 3 106 where the trades are consummated. The markets send 
back VDE containers 3 1 1 6(A, B) with audit information indicating 
the results of the trading order. In another example, the matching and 
classification authority 900 may be instructed to send trading orders 

5 directly to the market(s) for execution. In another example the trader 
may send a VDE container to at least one source of relevant 
information asking that source to send certain information to the 
matching and classification authority 900. In another example, - - 
having established the desired trade(s) using the matching and 

1 0 classification authority 900, the trader may place the trade by phone 
and/or computer and/or other communications device without using 
VDE. 

Example: Matching And Classification Utility 900 
Supports Consumers Locating Services That Are 
1 5 Members Of A Specified Class 

The services of the matching and classification authority 900 
may also benefit consumers by locating certain classes of services. 
Example 3200, Figure 57, shows a consumer sending a VDE 
container 3206 to a matching and classification authority 900 asking, 
20 n which banks are in class A?," where class A are "those banks that 
offer the highest savings interest, no ATM fees, online/Web banking 
using VDE, insured accounts, free checking with balances larger than 
$2,500, "image" statements (where check images rather than the 
actual checks are returned), and complete privacy protection (except 



WO 99/24928 PCT/US98/23648 

165' 

where legally required to disclose) for VDE based banking 
transactions. 

The example matching and classification authority 900 sends a 
query in a VDE container 3208 to one (or more) information sources 

5 3202 and receives one or more VDE containers 3210 with the 

requested information. The matching and classification authority 900 
then determines which bank or banks meet the stated criteria of the 
consumer 3204 and then sends a VDE container 3212 with the answer' 
to the consumer, in this example, banks A, B, and C. The consumer 

10 3204 may then go ahead and execute a financial transaction, for 

example, transferring funds from one bank to a bank identified by the 
matching and classification utility 900 as offering higher interest 
rates, while being assured of maximal privacy for this (and perhaps 
other) transactions. 

1 5 In another example, after determining which banks are in the 

desired class, the matching and classification authority 900 may send 
a VDE container to one or more banks saying that the consumer 
wishes to know about their services and requesting the bank to 
contact the consumer directly. The bank may send controls ensuring 

20 the privacy of future interactions with the customer. For example, 
controls that apply to audit records such that only the bank and the 
consumer will have permission to access these records. 



WO 99/24928 PCT/US98/23648 

166 

Example: Matching And Classification Authority 900 
Supports Class-Based Software Distribution 

VDE and the inventions disclosed in "Ginter et al" at last 
provide a way of ensuring that the efforts expended on creating 
5 software will be rewarded since the software can now be persistently 
protected, usage information can be collected, and payment ensured.* 
These inventions also support micropayments and microtransactions, 
thus creating a world in which the price of software objects — any 
kind of objects actually — may become very small. Pay per use, 
1 0 rental, rent to own, and other pay as you go pricing models together 
with VDE may create a new explosion of creativity in software design 
and creation, since use prices will be low and providers can be 
assured of receiving payment. 

The present inventions provide opportunities for software 
1 5 providers to more efficiently market their wares. Example 3300, 
Figure 58, shows a number of users with VDE installed on their 
appliances 3304(A-F). These people are using software (and other 
content). VDE meters usage of various objects and sends audit 
records in VDE containers 3306 (A-F) to a usage clearinghouse 300, 
20 which then sends audit records 3308 to the matching and 

classification authority 900. A software distributor 3302 sends a 
VDE container 33 10 to the matching and classification authority 900 
with a query asking who is in the class, "buys Java applets, with pay 
per use pricing, and for which the cost per use is between $.0001 and 
25 $.001?" 



WO 99/24928 PCTAJS98/23648 

167 

The matching and classification authority 900 returns a VDE 
container 3312 with a list of names and (network) addresses of those 
matching, or most nearly matching the desired characteristic(s). The 
software distributor 3302 then sends at least one VDE container 3314 
5 with at least one software object, and/or a pointer to a software object; 
in this case a Java applet, and perhaps other relevant information, 
such as VDE control sets and/or various metadata describing some 
aspect of the object, for example, what, it does, what it costs, etc. The 
user may then elect to use the object or not. In another example, 
1 0 instead of individuals or VDE nodes, the users might be groups of 
nodes, users, organizations, parts of an organization, and others that 
can be identified as belonging to at least one class. In this case, the 
software may be offered to some or all members of class, group 
and/or organization. 

15 Example: Matching & Classification Utilities Provide 
Services To Authenticated Classes of Nodes, Users, 
Content Services and/or Transaction Services 

Among the ways in VDE nodes, users, content services, and/or 
transaction services can be authenticated is through the use of 

20 certificates and/or other digital credentials issued by an appropriate 
trusted third party, a certifying authority 500, for instance, that 
warrants and/or attests to some fact or facts, which may include 
membership in one or more classes, including the identity class. 
Figure 59 shows a non-limiting example 3400 in which a number of 

25 matching and classification authority 900(1 -N)s, each of which may 



WO 99/24928 PCT/US98/23648 

168 

provide its services to different classes, where class membership is 
authenticated using certificates and/or other digital credentials. In 
other examples, additional authentication mechanisms may be used in 
combination with, or instead of certificates, such as information 
5 known only to the user, VDE node, and/or appliance, including 
passwords, cryptographic keys, information stored in hardware, 
and/or software. 

In example 3400, Figure 59, commerce participants including, 
the matching and classification authority 900, may make rules and 

10 consequences conditional on class definitions and/or the assignment 
of members to a class. Class membership may be authenticated by a 
certificate and/or other digital credential issued by one or more 
commerce participants in addition to, and/or instead of a trusted third 
party such as a certifying authority 500. For example, a certificate 

1 5 and/or other digital credential may attest to user identity, that is, that a 
user is the user he or she claims to be. Nodes, devices, networks, 
servers, clients, and services, are other non-limiting examples of other 
commerce elements that may be authenticated with certificates and/or 
other digital credentials. Any commerce participant may issue a 

20 certificate, but other participants are not required to accept a given 
certificate as an authenticator. 

Figure 59 shows multiple matching and classification 
authorities 900(1 )-900(N). each of which may provide services to 
members of a particular class, in these non-limiting examples, to 



WO 99/24928 PCT/US98/23648 

169 

nodes in a particular deployment (matching and classification- 
authority 900(1)), in a particular vertical segment and/or institution of 
society, such as Higher Education (matching and classification 
authority 900(2)), one or more value chains, such as business 
5 information content providers (matching and classification authority . 
900(3)), and/or a particular transaction and/or service arena, such as 
hard goods trading (matching and classification authority 900(n)). 
Other commerce utility systems, a certifying authority.500 shown in 
Figure 59, for instance, may also provide services to a class. In each 
10 of these instances, the services of the matching and classification 
authority 900 may depend upon finding certain authenticating 
certificate(s) and/or other digital credentials on the appropriate VDE 
nodes. 

For example, matching and classification utility 900(1) 
1 5 provides services to nodes 3410(l-n) in the deployment 3402 
administered by VDE administrator 800. Each node may have a 
certificate 3412 issued by certifying authority 500(1) that provides 
services to this deployment. 

In another example, certifying authority 500(2) provides 
20 certificates and/or other digital credentials to participants in a higher 
education value chain 3404 consisting of an arbitrary number of 
colleges and universities 3416(l)-3416(n), providers 3418(1) and 
students 341 8(n), and a matching and classification utility 900(2) that 
provides classification, matching, and selection services to higher 



WO 99/24928 PCT/US98/23648 

170 

education 3404. In one example, the matching and classification 
utility 900(2) only provides services to value chain participants who 
have a certificate 3420 issued by certifying authority 500(2). ( 

Matching and classification utility 900(3) services can be 
,5 provided only to members of one or more classes based on certificates 
issued by a certifying authority 500(3). In one example, the class is 
participants in a business information value chain 3406, comprising 
an arbitrary number of content providers 3424(1 )-3424(n), an 
arbitrary number of users and/or consumers of business information 
1 0 3422(1 )-3422(n), and a certifying authority 500(3) that issues 

certificates and/or other digital credentials to members of the value 
chain 3406. 

In addition to membership in certain deployment, institutional, 
and/or content usage classes, the matching and classification authority 

1 5 900(4) may provide services to members of a certain transactional 
value chain, in one example, traditional transactions 3408. In this 
example, a certifying authority 500(4) issues certificates 3432 to one 
or more companies 3428(1 )-3428(n) and one or more trading 
companies 3430(1 )-3430(n). In another example, other participants 

20 may receive certificates and/or other digital credentials, including 

banks and financial institutions, government authorities, for example, 
tax and/or customs authorities, consumers, suppliers, and/or 
transportation companies. The matching and classification utility 
900(4) provides services only to those entities and/or individuals in 



WO 99/24928 PCT/US98/23648 

171' 

possession of the appropriate certificate 3432 indicating that the 
holder of the certificate is an authenticated participant in one or 
another trading value chains. 

In other examples, a commerce utility system may provide 

> i 

5 services to more than one class where class membership is indicated 
by at least one certificate and/or other digital credential issued by a 
certifying authority 500 and/or value chain participant. In one 
example, matching and classification authority 900 might provide 
services to the class "Higher Education 1 ' and to the class "K-12 

10 Education." 

Possession of a certificate and/or other digital credential may 
be among the information used to classify a node, user, appliance,, 
device, entity, and/or other commerce participant, and rules and 
consequences can be made conditional on membership in one or more 

1 5 authenticated classes and/or on the degree of confidence the rule 
provider has in the trustedness of the certificate and/or other digital 
credential issuer. In one example, a discount to higher education may 
be larger if the root for chain of trust for a given certificate is a well- 
known, highly respected and trusted third party, such as an 

20 authoritative accrediting organization, and smaller if the root belongs 
to the MIS department of a small college. In this example, the 
provider is willing to grant a higher discount when there is higher 
certainty that the recipient is in fact a member of a specific class or 
classes. 



WO 99/24928 



PCT7US98/23648 



172 

Example: Matching And Classification Authority 900 
Supports Control Sets Based In Part On Employee 
Classes, Content Classes, And/Or Certificates And/or 
Other Digital Credentials , . 

5 Chain of handling and control enables, amongst other things, 

multiple organizations to work together in secure, trusted, efficient, 
cooperative commerce processes. One way in which the presfent 
inventions extend these ideas is through control sets with rules and 
■ usage consequences that may be based in part on classes and the 
1 0 assignment of persons, entities, devices, content, services, or other 
process elements to classes of one kind or another by the matching 
and classification authority 900. 

One example technique to classify employees is at least in part 
according to their roles and responsibilities within an organization. 

1 5 The matching and classification utility 900 supports classification, 

matching, creation and/or modification of VDE control set(s) based at , 
least in part the class assignment of individual and/or groups of 
employees. In part by virtue of their employee classification, at least 
one employee may receive certain rights management information, 

20 for example, permission to access certain classes of information or 
permission to perform one or more permitted operations, transactions 
and/or events. 



25 



Example 3500, Figures 60A-60C shows a nurse 3504(1), 
physician 3504(2) , and billing clerk 3504(3) all work directly for an 
example hospital- The present inventions are in no way limited to 



WO 99/24928 PCT/US98/23648 

173' 

hospitals, but apply to any organization, group, entity, and/or 
institution with at least some defined roles and responsibilities and/or 
other class definitions that apply to employees, members, and/or 
others associated, affiliated, and/or employed by the organization, 
5 group, entity and/or institution. Rights management information may 
be part of the claim definition, for example, permissions to view, 
modify, excerpt, and so on. 

Control sets may provide permissions conditional on employee' 
class, for example, certain classes of employees may modify certain 

1 0 information and/or classes of information in a database while others 
may not. Class membership may be indicated by digital credentials, 
non-limiting examples of which include digital certificates and digital 
membership cards. Controls may be conditional on other information 
as well, for example, some computers and/or display devices may not 

1 5 show certain classes of data or updates to certain data elements may 
not be performed from certain computers or display devices. 

Another example role is a representative 3504(4) of an 
insurance company 3508, who may have access to certain classes of 
hospital information by virtue of her or his class membership(s), some 
20 of which may derive from her or his role in the insurance company 
3508 and/or from the insurance company's relationship with the 
hospital and/or with some of the hospital's patients and/or staff. The 
present inventions are not limited in application to an insurance 
company, but may be applied to any individual, group, organization, 



WO 99/24928 PCT/US98/23648 

174 

entity, and/or institution with whom the example hospital and/or other 
entity has some form of relationship. 

An example insurance company 3508 have received a 
certificate in a VDE container 3534 issued by certifying authority 

5 500(1) attesting to the identity of the insurance company. In another; 
example, this certificate and/or one or more additional certificates 
may attest to the fact that the insurance company has the appropriate 
charter, licenses, and other grants of authority to be in the health 
insurance business. The certifying authority 500(1) may also send a 

10 certificate in a VDE container 3532 attesting to hospital's identity. In 
another example, this certificate and/or one or more additional 
certificates may attest to the fact that the hospital has the appropriate 
charter, licenses, and other grants of authority to provide hospital and 
related services. 

1 5 The insurance company 3508 may have sent one or more 

control sets to the hospital in a VDE container 3542. These controls 
may be based in part on one or more certificates 3530 and/or on the 
classification output of an example matching and classification utility 
900(2) operating within and/or on behalf of the insurance company 

20 3508. The controls in container 3542 may indicate which individuals 
are actually employees of the insurance company, employee 
membership in one or more classes, permissions associated with that 
individual and/or class, and/or permissions associated with specific 
devices, communications channels (devices, ports, etc.), and/or 



WO 99/24928 PCT/US98/23648 

; 175- ■ 

processes. In this one example, the hospital matching and 
classification utility 900(1) may create controls using the same and/or 
additional classes and controls received from the insurance company 
3508. 

5 The insurance company 3508 may also provide one or more 

certificates to the hospital attesting to the fact that one or more 
information sources within the insurance company are to be take by 
the hospital as trusted sources. Lastly, in .this regard, the insurance 
company may issue one or more certificates on behalf of each 

10 employee attesting that each is in fact an employee of the company 
and may have certain authorizations. 

In example 3500, Figures 60A-60C, a matching and 
classification utility 900(1) has identified various classes of hospital 
employees using information from at least one hospital information 

15 system 3502 and/or VDE node. The matching and classification 

utility 900(1) may also make use of certificates issued by a certifying 
authority 500(1 )outside (a trusted third party) and/or a certifying 
authority 500(2) inside the hospital. Using data dictionaries 3522, 
patient records 3520, various employee information 3524, automated 

20 procedures, and/or other means, the matching and classification utility 
900(1) creates classes 3526 of patient record information and 
associates one or more control sets 3528 with each class of 
information and/or with a patient record as a whole. These control 
sets may specify who has permission to use and/or modify the record 



WO 99/24928 PCT/US98/23648 

176 

and/or an element(s) of the record that has been assigned to one or 
more classes on which the control set(s) may in part depend. In one 
example, the class based controls 3528 may be combined with other, 
hospital and/or other party controls, controls from the insurance 
5 company 3508, to create new controls 35 1 0(l)-35 1 0(n) associated 
with patient records 3512(l)-3512(n). ' 

The example nurse 3504(1) and physician 3504(2), for 
example, may be able to view, modify, print, and/or copy patient's 
name, address, and other similar descriptive information, next of kin, 

1 0 insurance, and medical information in accordance with controls 
3510(1) and 3510(2), respectively . In another example, some 
members of the class "nurse" and/or the class "physician" may have 
different permissions by virtue of membership in one or more 
additional classes. A physician who is in the class "hospital 

1 5 administration" may have different permissions, for example, to 
billing records. 

A billing clerk 3504(3) in the hospital may not have permission 
in control set 3510(3) to view medical information and/or next of kin, 
and in this example may be restricted to name and other patient 
20 descriptive information, insurance information, and billing 

information from the patient record. A representative 3504(n)of the 
insurance company may have permission by virtue of control set 
351 0(n) to view, but no permission to modify, print, or copy patient 
record 3512(n). In each of these examples, the VDE control sets are 



WO 99/24928 PCT/US98/23648 

1 77' 

at least partially conditional on the presence, and/or absence of certain 
certificates indicating membership in one or more classes. 

The present inventions may be applied to any information, 
person, group, device, network,, service, database that pertains to any 
5 commerce activity whatsoever, and regardless of whether the parties 
to the commerce activity are individuals, groups, entities, , 
organizations, institutions, nations, ( and/or societies. 

Example: Matching And Classification Authority 900 
Supports Classes And Matching Based In Part On 
1 0 Workflow And Work Process Automation 

Not only do the present inventions enhance commerce 
processes that principally entail information, but the present 
inventions enhance workflow and work process automation as well. 
Example 3600, Figure 61, shows PCs 3608(a-c) functioning as station 
1 5 controllers connected to various manufacturing devices 3610 (a-c). 
These station controllers that exchange data and instructions with the 
equipment they control and/or manage. The station controllers are 
VDE-enabled. In another example, the manufacturing equipment 
may also have VDE nodes installed. 

20 An example work in progress (WIP) and/or manufacturing 

control application 3606 keeps track of the overall manufacturing 
processes and exchanges information with other applications not 
shown, such as materials management, materials ordering, order 



WO 99/24928 PCT/US98/23648 

178 

databases, logistics, inventory, accounts payable, accounts receivable, 
general ledger, human resources, time cards, and the like. 

An example employee 3602 of the company sends a query 
3612 in a VDE container 3604 to an enterprise matching and 
5 classification utility 900 within the company asking, "which VDE- , 
controlled equipment will be available 3rd shift today, for 2 hours, 
capable of performing operations xyz with a nominal error rate of less 
than .0001 per cent? 11 The enterprise matching and classification 
utility 900 may request data 3616 from the WIP/manufacturing 

10 process control application 3606 and/or may already have access to 
the required data, indicating equipment availability, security level, 
capabilities, and statistical error rates. The WIP/manufacturing 
process control application 3606 may return a VDE container 361 8 
with the requested information. Based upon the query and available 

1 5 information, the matching and classification utility 900 responds by 
sending a VDE container 3620 to the employee 3602 with the answer, 
"equipment B and equipment C." In turn, the employee 3602 sends 
another VDE container 3622 to the WIP/manufacturing process 
control application 3606 with VDE a control set(s) indicating B and C 

20 should be scheduled for 2 hours on 3rd shift to do xyz operations. As 
part of this particular chain of handling and control, the 
WIP/manufacturing process control application 3606 sends VDE 
container 3624 to the VDE-enabled station controllers for equipment 
B or C with control sets that schedule work and specify the 

25 manufacturing processes and/or "recipes" for those specific 



WO 99/24928 PCT/US98/23648 

179 

equipment 3610(b) or 361 0(c). In turn, the respective station 
controllers carry out their instructions and report progress and 

t ' 

completion in VDE containers 3626 sent back to the 

WIP/manufacturing process control application 3606, which may in 
5 one example, provide results to other applications' and/or to the 
employee who originally requested the work to be scheduled and 
performed. 

Example: Matching And Classification Authority 900 
Supports Classes And Matching Based In Part On 
10 Government/Societal Commerce Administration 

Among the rightsholders in commerce processes of all kinds 
are societies and governments. Governments may foster rules 
indicating that certain classes of individuals may have not have access 
to certain classes of content. Some classes of information may be 

1 5 treated as members of classes that define permissions, such as 

"confidential," "secret," "top secret," and so on. Other non-limiting 
example governmental rights may address permissions for import, 
use, and/or export of certain classes of hard goods, services, currency 
and financial instruments, and content. Travelers entering the United 

20 States, for example, are usually asked about currency (and currency 
equivalents) being brought into the country by the traveler. Children, 
for example, may be prohibited as a matter of law by governments 
from viewing content in the class "sexually explicit." 

Another example of government rights is that different tax rules 
25 may be applied to different classes of electronic commerce 



WO 99/24928 PCT/US98/23648 

180 

transactions using VDE. Example 3700, Figure 62A-62B, shows a 
certifying authority 500 operated by and/or on behalf of a government 
issuing a certificate and/or other digital credential indicating ( . 
jurisdiction, namely, country. The certificate is sent in a VDE 

5 container 3710(a) to a VDE administrator 800. The government 
certifying authority 500 also sends certificates in VDE containers 
3710(b)-3710(n) to the government matching and classification 
authority 900 attesting to the "country," in one example, the United 
States, and another certificate 3716 attesting to the fact that the 

10 matching and classification authority 900 is indeed an authorized 
service of the United States government. 

In one example, the government matching and classification 
authority 900 has created tax class definitions 3712 and tax control 
sets 3714 that apply those definitions in various classes of 

1 5 circumstances, including the presence of certain control-related 
information, such as an appropriate country certificate from an 
authorized issuer of such jurisdictional certificates. The tax class 
definitions 3712, tax control sets 3714, and government authority 
certificates 3716' are sent in at least one VDE container to a rights and 

20 permissions clearinghouse 400, who, in one example, redistributes the 
tax class definitions 3712(1), tax class control sets 3714(1), and/or 
government authorization certificate 3716(1) to content providers 
3702, service providers 3704, and other value chain participants. The 
certifying authority 500 also sends country certificates to one or more 

25 VDE administrators 800 who, in turn, send country certificates 3710' 



WO 99/24928 PCT/US98/23648 

181' 

to VDE nodes 3706(A)-3706(n) in their deployment. When content 
provider 3702 distributes content of any kind, the appropriate tax 
control sets 3714(A) are also included in the VDE container. A tax 
control set is applied whenever content is, used in accordance with a 
5 tax class and provided that the appropriate jurisdictional certificate • 
3710' is present on the VDE node 3706(a). For instance, a VDE node 
may have a tax control set to be applied to sales of a class of content, 
specifically, to the class of "software." Whenever a software vend 
occurs, the appropriate tax is applied according to these rules. 

10 In another example, the various country and government 

authority certificates may be sent directly from the certifying 
authority 500 to one or more VDE nodes 3706. The VDE controls 
that implement tax policy for one or more classes may also be sent 
directly to VDE nodes 3706 and/or to VDE administrators 800. 

1 5 Example: Classification May Be Used In 

Automatically Selecting The Proper Display Context 
Based On Classes Of Information 

Content objects may be displayed using one or another formats 
according to class membership of that object. In example 3800, 

20 shown in Figure 63A, a matching and classification utility 900 
provides content class information 3810 to information providers 
3802. A consumer 3807(1) previously has sent a VDE container to a 
provider of sports information 3802(1) indicating interest in "class b" 
stories, and perhaps other classes as well. The sports information 

25 provider 3802(1) sends back a VDE container 3808(1) with one or 



WO 99/24928 PCT/US98/23648 

182 

more stories in "class b," perhaps "all stories about baseball, New 
York, Yankees, history, heroes with permission to print" an example 
of which is 3814(1), along with, in this example, one or more VDE • 
control sets. The VDE container 3808(1) is received by a customer 

5 3807(1) who then displays the content 3814(1) using one or another 
page formatting technologies based on macros; scripts, administrative 
events, methods, and/or other techniques. Also included in the VDE 
container is an image 3 8 1 2( 1 ) that was selected by the information 
provider as especially appropriate to the class of story being sent. In 

10 this example, perhaps the image 3812(1) is a faint image of Joe 
DiMaggio. This image also meets the criteria of "permission to 
print." 

Example 3800, Figure 63 A, also shows another instance in 
which a different consumer 3807(n) previously has informed a nature 

1 5 information provider 3802(n) of interest in class A stories. Here the 
information provider sends a VDE container 3808(n) that holds a 
class of stories different from the class of interest in the previous 
example. This VDE container 3808 holds a "class A" story, an 
example of which is 3814(n), that is displayed with a different image 

20 381 2(n), one that is appropriate to the story class, in this case, an 
image of a dog. 

The class assigned to each story may be carried in the container 
as metadata for one or more story objects in another example. An 
example Web browser may request of the information provider an 



WO 99/24928 PCT/US98/23648 

183 

t 

image appropriate to that class, which if available, would be sent in 
another VDE container. 

Class may affect display rules in other example ways as well. 
For instance, several team sports news stories may be displayed in a 
5 Web browser window in which a scene from a football or basketball 
game is faintly discernible in the background. Which image is 
displayed may be determined by the user's preferences given the 
classes of stories being presented on the page. The user, may have 
looked most at stories about the New England Patriots and a Patriots- 
1 0 related image may be displayed as background even stories about 
teams in addition to (or even instead of) the Patriots were being 
displayed. 

In (another) example 3850, shown in Figure 63B, a matching 
and classification utility 900 provides class information to a provider 

1 5 3852(1). Previously, one user 3857(1) has indicated to the provider 
3852(1) that she prefers information in topic class A more than 
information in topic class C and information that costs less than $.50 
per article while the other user 3857(n) has the opposite preferences 
and is not price sensitive. A matching and classification utility 900 

20 may provide classification information, class assignments for objects, 
administrative events, and/or methods for these and related purposes. 
Regardless, the information provider 3852(1) sends the identical VDE 
container 3858 to each of the users 3857. However, their browser and 
page formatting software 3856 produces different pages in 



WO 99/24928 PCT/US98/23648 

1 84 

accordance with each user's topic class preferences. In the example 
first case, the user 3857(1 ) sees three columns of topic A and one 
column of topic C while the second example user 3857(n) sees three 
columns of topic C and one column of topic A. As this example 
5 illustrates, the class preferences of users may affect the way in which < 

I ■ ' 

i 

the user interacts with content in various classes. 

In another example, the matching arid classification utility 900 
may have sent one or more administrative events and/or methods 
3859 to at least one user 3857 where the method performs the topic 
1 0 classification on documents and/or establishes topic classes and/or 
topic classes of greatest interest to the user. 

Example: Information May Be Classified With 
Respect To Difficulty And This May Pre-Determine 
An Appropriate Interface 

1 5 The class of content and/or the class of user may determine at 

least one display characteristic. One interesting example way of 
classifying content is with respect to its difficulty. One example 
measure of difficulty is reading level, which may reflect such aspects 
as vocabulary and/or complexity. It is well known that children (and 

20 adults) of the same approximate age read at different levels. In the 
example 3900, shown in Figure 64, a provider sends a VDE container 
3902(1) with text at a 4th grade reading level and controls indicating 
that when used by a person reading at that level, the charge is 50 
cents. However, if a person reads at less than the 4th grade level, the 



WO 99/24928 PCT/US98/23648 

185 

charge is only 40 cents. "Reading level" may be indicated by a 
certificate and/or other digital credential. 

A matching and classification utility 900 may send 
administrative events and/or classification methods 3910 to 

5 information providers, one or more other value chain participants, or 
to the students appliances directly. These methods may, for example, 
classify documents according to the degree of difficulty and create or 
modify controls for the whole document and/or subparts of the 
document, controls that may indicate the different prices for users at 

10 different reading levels. The matching and classification utility 900 
may also send administrative events and methods to users that know 
how to make the document appear in the example browser at a lower 
reading level. 

The example VDE container 3902(1) is sent from the provider 
15 to a child 3906( 1 ) in the 4th grade who is reading that at that level. 
When the child opens the container to view (or otherwise use) the 
text, she or he is charged 40 cents (which might be paid by a third 
party such as a school and/or parent. The child sees the text as 
written 3904(1) 

20 Example 3900, Figure 64, also shows the exact same document 

being read by a student 3906(3) in the class of 2nd grade readers. 
Now the browser displays the document 3904(3) modified by 
methods that may make the syntax less complex and may substitute 
simpler words and/or phrases for harder ones. A similar example 



WO 99/24928 PCT/US98/23648 

186 

document and controls in a VDE container 3902(n) involving a 12 th 
3906(2)and 9th grader 3906(n) is also shown. 

i * 

In other examples, the prices may be higher when users are 
reading text below their capabilities, they may be offered discounts 
5 for reading at a higher level, and/or they may be charged more for 
reading on different levels since modifying the text is a value added 
process, and providers of that value may wish to be compensated for 
their efforts. 

Example: Classification May Describe Degree Of 
1 0 Focus Of The Content Unit Or Portion On A Topic, 
Or Characteristics Related To Conventional 
Formatting, Such As File Type 

Sometimes the most interesting and/or useful content is at the 
intersection of various topics. Also, user often want content in a form 

1 5 or format that will be most useful, and most practical, to them. In the 
example 4000, shown in Figure 65, a matching and classification 
utility 900 receives from user 4002 a VDE container 4004 holding a 
request for documents in the class, "on economics and politics, 
costing less than $5.00, and in MS Word format." The matching and 

20 classification utility 900 responds in this example by providing in a 
VDE container 4006 at least one Uniform Resource Locator (URL) 
- that points to the location of the document(s) on the World Wide 
Web. 



25 



The user 4002 in this example sends a message in a VDE 
container 4008 asking for the document identified in the URL. A 



WO 99/24928 PCT/US98/23648 

187 

provider sends back a VDE container 4012 with the desired document 
4010 that has been classified by the matching and classification utility 
900. In this example, parameter data is provided in the form qf scores 
indicating the relative emphasis on various topic classes, including 
5 Economics (score=l 5), Politics (score=7), and Religion (score=2). 
Also indicated is the format of the content, which in this example is 
the desired MS Word. Also conveyed in the VDE container 4.012 are 
a control set indicating, among other-things, that the price is $2.98 
and no modifications are allowed. 

] 0 In other examples, the classes might have been much more 

narrow, for example, "Clinton," "Greenspan", Federal Reserve Policy, 
Interest Rates. Also, the customer might have requested only those 
documents for which controls could be obtained that permitted • 
modifications and/or excerpting and/or derivative works. In another 

1 5 example, the matching and classification utility 900 may send one or 
more administrative events and/or classification and/or matching 
methods to the customer so that these methods could be applied by 
the customer. Alternatively, the customer may have send one or more 
methods as part of a smart object to one or more information 

20 providers in search of information meeting the desired criteria. 



WO 99/24928 PCT/US98/23648 

188' 

Example: The Atomic Aspects Can Support 
Automated Extraction Of Portions Of A Content Unit 
For Aggregation With Topically Consistent Portions 
And/Or Units From Other Sources 

5 Not only may people desire specific information, but that 

information may come from different parts of the same object or parts' 
of two or more objects. The matching and classification utility 900 
can support the use of smart, classification based extraction and 
aggregation methods, as shown in example 4100, Figure 66, where , 

10 two documents 4102(1,2) have been classified by the matching and 
classification utility 900 into "chunks" or subobjects reflecting topic 
classes and VDE controls have been provided for each chunk. The 
"chunking", classification, and control set creation may be performed 
and stored in a database and/or may be performed "on the fly" or as 

15 needed. 

To satisfy a request for information concerning travel to and in 
the United Kingdom plus background information, an information 
provider extracts parts of each document in the desired classes and 
creates a new, recombinant document comprised of the subobjects 
20 and packages the new document with appropriate controls in a VDE 
container 41 02(n). VDE controls for the subobjects may also be 
carried along and may be modified by the provider and/or other 
participants in a chain of handling and control. 

The request for information may have been generated using any 
25 query and/or search method, including semantic, Boolean, heuristic, 



WO 99/24928 PCT/US98/23648 

189 

concept-based, and other approaches, and may have been generated 
explicitly and intentionally by a user and/or other value chain . 
participant, or may have resulted more automatically from the, . 
analysis by a matching and classification utility 900 of usage, audit, 
5 and/or other rights management information and/or of "info exhaust, 11 
and/or of preference, demographic, and/or psychographic data and/or 
classes of data. 

In another example, the matching and classification utility 900 
may have sent administrative events and/or classification, search, 
1 0 and/or subobject combining methods 41 06 to a provider and/or to a 
user for execution under the control of a local VDE node. 

Example: Matching And Classification Utility 900 
Supports Classification For Subsets Of Content 
Within A Content Unit (Nested Virtual 
15 Classifications) 

Not only may the matching and classification utility 900 assist 
in locating whole objects, it may also assist in identifying and/or 
classifying any number of subobjects for a given whole. New control 
sets may be associated with each of these subobjects. These new 

20 control sets may differ from the control set that applies to the object 
as a whole. This capability allows matching and classification utility 
900 and others value chain participants to locate desired classes of 
content that may be part of a larger object and possibly to retrieve, 
pay for, manage, use, or combine these parts in addition to, and/or 

25 instead of the whole object. 



WO 99/24928 PCT/US98/23648 

190 

In example 4200, Figure 67, a VDE container 4202 created by 
the matching and classification utility 900 holds a text document that 
in this non-limiting example is the US "State of the Union Address." 
The matching and classification utility 90P has first classified the 
5 entire document in the class "politics." The matching and 

classification utility 900 has also identified various subparts or 
subobjects and has classified each them into different classes or 
categories. In this example, the different classes represent different 
topic categories. 

10 A user and/or other value chain participant may request only 

subobjects that have been categorized in one or more desired 
class(es). The desired subobjects may be packaged in a VDE 
container 4204 along with appropriate VDE controls for both the 
overall, new composite object and/or for each of the desired 

1 5 subobjects. (The VDE controls can also be sent separately from the 
content subobjects.) These controls may pertain to the new whole 
object created from subparts selected on the basis of their 
membership in one or more specified class(es) and/or to the whole, 
new object comprised of these selected subobjects. In another 

20 example, the subobjects may be drawn from different documents 
sharing the same overall topic, for example, from State of the Union 
addresses given in different years. 

In one example, any value chain participant may send distribute 
one or more subparts of the original object. 



WO 99/24928 PCT/US98/23648 

191 

In another example, the matching and classification utility 900 
may send one or more administrative events and/or methods 4206 to 
value chain participants who may execute the methods to perform the 
operations to identify subobjects and/or to subset the whole object in 
5 to parts based on class assignments. 

Search engines can also use the subobject classifications to 
provide more precise results. For example, a search engine may have 
retrieved the State of the Union Address because the search criteria 
were "US politics speeches," but the whole or part of the object may 
1 0 also have been retrieved searching for "US politics speeches welfare" 
or "speeches US president defense." 

Example: Matching And Classification Utility 900 
Supports Classes Of Classes Based On Object 
Identifier Standards And/Or Other Object Metadata 

1 5 Among the numerous advantages of the present inventions is 

the ability to create classes of classes based in part on rights 
management information. The feature may enhance search efficiency 
by enabling search engines to locate members of classes provided by 
any of numerous schemes for object naming and object metadata that 

20 have been proposed. For example, the IETF Uniform Resource 
Locator (URL), the International Standard Book Number (ISBN), 
International Standard SeriarNumber (ISSN), MARC library catalog 
records, and the recent proposed "Dublin Core"(Weibel, Stuart, Jean 
Godby, Eric Miller, and Ron Daniel, "OCLC/NCSA Metadata 

25 Workshop Report", URL http://www.oclc.org:5047 



WO 99/24928 PCT/US98/23648 

192 

/oclc/research/conferences/metadata/ dublin_core_report.html) are 
non-limiting examples of prior classifications that can themselves be 
classified using the present inventions. 

Example 4300, Figure 68A-68B, shows several objects 
5 4304(l)-4304(n) each of which may have associated with it various 
metadata 4302(1 )-4302(n) that locates the object in one or more 
classes, non-limiting examples of which may include network address 
(URL), price, control set information, permission strings, subject 
category, title, and publisher, 

1 0 In example step " 1 ," object metadata 4302 is sent to a matching 

and classification utility 900 which (example step "2") may create 
new "classes of classes" 4306. These new classes 4306 are then made 
available on a Web page 4308 (example step "3") to interested parties 
who may then search for objects according to their membership in 

1 5 one (or more) of these new classes of classes. In example step "4" an 
interested party 4320 sends a VDE container with a request to retrieve 
the Web page 4308 with the classes of metadata information. The 
Web server (in example step "5") returns a copy of the page 43 12 to 
the interested user 4320, who (in example step "6") sends a VDE 

20 container with a query to the matching and classification utility 900 
asking, in this example, for objects in new class 3 that cost less than 
$1 .98, and that grant a "modify" permission. In example step "7," the 
matching and classification utility 900 returns a VDE container 43 1 6 
with list of objects that match the criteria. The matching and 



WO 99/24928 PCT/US98/23648 

193 

classification utility 900 may, in turn, provide URLs or other location 
information for at least one member of the desired class(es) in the list 
in container 43 1 6. , • 

Example: Matching and Classification Utility 900 
5 Supports Electronic Gambling 

Electronic gambling may be among the services that will drive 
Internet growth in coming years. Such services raise many questions 
for bouYproviders and for users or players of the service. For 
example, providers want to be able create attractive, compelling 
1 0 entertainment experiences and in doing so, capture an important share 
of their intended markets. Users of these services will of course want 
to locate the most stimulating, entertaining, and perhaps most of all, 
rewarding gambling experiences. 

Gambling providers may, in one example, differing classes of 
1 5 games, rules, payoffs, odds, and/or interfaces. The present inventions 
can assist players in identifying the nature of various classes and 
locating specific instances of one or more classes. Within a particular 
class of games, for example, players may be particularly interested in 
the odds at the game of blackjack. In one example, a player may 
20 prefer playing with a single digital deck of 52 cards and a particular 
number of (emulated) shuffles rather than with say four decks and 
more shuffles, the affect of the latter being to create a more random 
distribution. Smaller decks and fewer shuffles may make it easier to 
count cards and/or to otherwise increase the odds in favor of the 
25 player, or at least in favor of the experienced, knowledgeable player. 



WO 99/24928 PCT/US98/23648 

In example 4400, shown in Figure 69, an arbitrary number of 
gamblers 4402(1 )-4402(n) whose usage information flows in VDE 
containers 4404(1 )-4404(n) to a usage clearinghouse 300. The usage 
clearinghouse 300 sends in VDE containers 4406 at least some of this 

5 usage information to a matching and classification utility 900. In 
another example, the usage information may be sent directly from at 
least one user to the matching and classification utility 900. In this 
example, an arbitrary number of gambling providers 4406(1 )-4406(n) 
may also send in VDE containers 4408(1 )-4408(n) descriptive and/or 

1 0 usage information to the matching and classification utility 900. 
Based on available information from relevant sources, the matching 
and classification utility 900 may create one or more classes and 
assign one or more providers, services, and/or users to a class. These 
class definitions may at least in part be based on privacy-related 

1 5 control information. 

In this one example, a gambler 4402(1) sends a VDE container 
4410 with a query concerning best odds for blackjack to a matching 
and classification utility 900, who, in turn, sends back a VDE 
container 4412 with content indicating that gambling provider 2 gives 
20 the best odds in blackjack, "best" here meaning those most favorable 
to the player. In another example, the gambler may then contact 
gambling provider 2 to play, and the play may consist of a series of 
communications in VDE containers between the gambling provider 
and the gambler. 



WO 99/24928 PCT/US98/23648 

195 

Example: Matching and classification utility 900 
Supports Electronic Ticket Sales and Distribution 

The performing arts, exhibitions, theaters, and conferences are * 
some non-limiting examples of events that may require tickets for 

5 admission. Electronic ticket agencies on the Internet and other 
electronic arenas provide a connection between the consumer and 
producers of the event. Consumers may want to know such 
information as the nature of the event, what classes of tickets exist for 
a given event and/or class of events, the price for different classes of 

1 0 tickets to an event, the availability of different classes of tickets to 
different classes of events, and similar information. 

In the example 4500, shown in Figure 70, an arbitrary number 
of users 4504(1 )-4504(n) whose usage information is sent in VDE 
containers 4508 to a usage clearinghouse 300 who, in turn, may send 
1 5 at least some of this usage information in at least one VDE container 
4526 to a matching and classification utility 900. The usage 
information may reflect past ticket purchases, prices, seating 
preferences, preferred payment methods, preferred theaters and other 
venues, and other user preference and historical information. 

20 Various ticket agencies 4506(1 )-4506(n) may send information 

about specific events 4512 (l)-4512(n) and/or information about 
agency services 4514(l)-4514(n) to the matching and classification 
utility 900. In another example, an event promoter may send event 
information directly to the matching and classification utility 900. 



WO 99/24928 PCT/US98/23648 

196 

In one example, a user wishes to find four seats for a particular 
concert or class of concerts and/or other events whose cost is not 

i 1 

more than $25.00, The user sends a VDE container with a request for 
information on who can supply the desired tickets to the desired 
5 events at the requested price. In turn, the matching and classification 1 
utility 900 returns a VDE container indicating that tick agency 2 can 
provide the tickets. 

In this example, user 2 sends a VDE container with a purchase 1 
request to ticket agency 2. The purchase request may specify not only 
1 0 the specific event, desired pricing, and class of tickets, seat location, 
for example, but payment method as well, MasterCard for example. 
The ticket agency, in turn, may return a VDE container with 
confirmation of the ticket purchase at a given price, location, date, 
event, and/or using a particular payment method. 

1 5 In another example, the tickets may be digital and may have 

associated with them one or more "seals", digital signatures, and/or 
certificates indicating the authenticity and/or integrity of the digital 
tickets. 

* * * * 

20 While the inventions have been described in connection with 

what is presently considered to be the most practical and preferred 
embodiments, the inventions are not to be limited to the disclosed 
embodiments but, on the contrary, is intended to cover various 



WO 99/24928 PCT/US98/23648 

197 

modifications and equivalent arrangements included within the spirit 
and scope of the appended claims. 



WO 99/24928 PCT/US 98/23648 



198 

WE CLAIM: 

1 LA method including: * 

2 (a) determining at least qne class, class hierarchy, classification 

3 scheme, category or category scheme; 

4 (b) assigning cases, persons, and/Qr things to said determined 

5 class, class hierarchy, classification scheme, category or category 

6 scheme; and 

7 (c) selecting and/or matching cases, persons, and/or things 

8 based at least in part on said class, class hierarchy, classification 

9 scheme, category or category scheme and/or said assignment, 

10 wherein at least one of said steps (a)-(c) includes the step of 

1 1 using at least some rights management information. 

1 2. A method as in claim 1 wherein said using step includes 

2 using at least one control set. 

1 3. A method as in claim 1 wherein said using step includes 

2 using at least some information for controlling use of digital 

3 information. 

1 4. A method as in claim 1 wherein said using step includes 

2 using at least some information for controlling at least one 

3 transaction. 

1 5. A method as in claim 1 wherein said using step includes 

2 using at least some information for controlling at least one event. 



WO 99/24928 PCT/US98/23648 

199 

1 6. A method as in claim 1 wherein said using step includes 

2 using at least some information for controlling at least one 

3 consequence of digital information use. ( . 

1 7. A method as in claim 1 wherein said using step includes 

2 using at least some information for controlling at least one 

3 consequence of at least one event. 

1 8. A method as in claim 1 wherein said using step includes 

2 the step of using at least some information for controlling at least one 

3 consequence of at least one transaction. 

1 9. A method as in claim 1 wherein said using step includes 

2 using at least some information outputted by a rights management 

3 process. 

1 1 0. A method as in claim 1 further including the step of 

2 outputting at least some rights management information. 

1 11 . A method as in claim 1 wherein at least one of steps (a)- 

2 (c) includes using at least one secure container. 

1 12. A method as in claim 1 wherein at least one of steps (a)- 

2 (c) includes using at least one protected processing environment. 

1 13. A method as in claim 1 further including the step of 

2 using at least one of the techniques set forth at pages 60-82 of this 

3 specification. 



WO 99/24928 PCT/US98/23648 

200 

1 14. A method as in claim 1 wherein said using step includes 

2 using at least one or more rules and/or their consequences. 

1 15. A method as in claim 1 wherein at least one of steps (a) 

2 and (b) includes at least one of the following steps: 

3 (a) using at least one statistical technique identifying at least 

4 one cluster of cases sharing similar profiles and/or features; 

5 (b) using numerical taxonomy; 

6 (c) using at least one of cluster analysis, factor analysis, 

7 components analysis, and other similar data reduction/classification 

8 technique; 

9 (d) using at least one pattern classification technique, including 

10 components analysis and neural approaches; 

1 1 (e) using at least one statistical technique that identifies at least 

12 one underlying dimension of qualities, traits, features, and/or 

13 characteristics, and assigning parameter data indicating the extent to 

14 which a given case has, possesses, and/or may be characterized by the 

15 underlying dimension, factor, class, and/or result in the definition of 

1 6 at least one class and/or the assignment of at least one case to at least 

1 7 one class; 



1 8 (f) using at least one statistical method employing fuzzy logic 

19 and/or fuzzy measurement and/or whose assignment to at least one 

20 class entails probabilities different from 1 or zero; 

21 (g) using a Baysian statistical classification techniques that uses 

22 an estimate of prior probabilities in determining class definitions 

23 and/or the assignment of at least one case to at least one class; 



WO 99/24928 PCT/US98/23648 

201 

24 (h) using at least one statistical and/or graphical classification 

25 and/or data reduction method that uses rotation of reference axes, 

26 regardless of whether orthogonal or oblique rotations are used; t 

27 (i) using at least one statistical method for two and three way 

28 multidimensional scaling; and 

29 (j) using at least one knowledge based approach to 

30 classification. 

1 16. A system including: 

2 an automatic class generator that generates at least one class, 

3 class hierarchy, classification scheme, category or category scheme; 

4 an automatic class assigner that assigns cases, persons and/or 

5 things to said determined class, class hierarchy, classification scheme, 

6 category or category scheme; and 

7 at least one further component for automatically searching, 

8 selecting and/or matching cases, persons, and/or things based at least 

9 in part on said class, class hierarchy, classification scheme, category 

1 0 or category scheme and/or said assignment, 

1 1 wherein said system uses at least some rights management 

12 information. 



WO 99/24928 PCT/US98/23648 

202 

1 17. A system including: 

2 first means for determining at least one class, class hierarchy, 

3 classification scheme, category or category scheme; 

4 second means for assigning cases, persons, and/or things to 

5 said determined class, class hierarchy, classification scheme, category. 

6 or category scheme; and 

7 third means for selecting and/or matching cases, persons, 

8 and/or things based at least in part on said class,, class hierarchy, 

9 classification scheme, category or category scheme and/or said 

10 assignment, 

1 1 wherein at least one of said first, second and third means uses 

1 2 at least some rights management information. 

1 1 8. A Commerce Utility System providing a secure 

2 execution space, the Commerce Utility System performing at least 

3 one component based service function including at least one secure 

4 component for execution within the secure execution space, the 

5 Commerce Utility System including a communications facility 

6 permitting communication of secure control information with at least 

7 one electronic community participant, 



8 wherein said component based service function uses at least 

9 one class based at least in part on rights management information. 

1 19. A Commerce Utility System as in claim 1 8 wherein the 

2 component based service function assigns at least one member to at 



WO 99/24928 PCT/US98/23648 

203 



3 least one class based at least in part on some rights management 

4 information. 

1 20. A Commerce Utility System as in claim 1 8 wherein the 

2 component based service function matches persons and/or things 

3 based at least in part on at least some rights management information 

1 2 1 . A Commerce Utility System as in claim 1 8 wherein the 

2 component based service function selects persons and/or things based 

3 at least in part on at least some rights management information. 

1 22. A Commerce Utility System as in claim 1 8 wherein the 

2 component based service function narrowcasts information to 

3 recipients based at least in part on at least some rights management 

4 information. 

1 23. A system or method including: 

2 a computer network and 

3 a control arrangement within the network that determines 

4 and/or uses at least one of the following through use of rights 

5 management information: 

6 (a) class hierarchy, 

7 (b) class structure, 

8 (c) classification scheme, 

9 (d) category, and 

10 (e) category scheme. 



WO 99/24928 PCT/US98/23648 

204' ' 

1 24. A class-based system including at least one computer 

2 that processes digital information, said system including at least one 

3 element that uses at least some rights management information. 

1 25 . A method of operating a class-based system including at 

2 least one computer that processes digital information, said method 

3 including the step of using at least some rights management 

4 information. 

1 26. A system for assigning at least one thing or person to at 

2 least one class including at least one computer that processes digital 

3 information, said system including at least one element that uses at 

4 least some rights management data in making said assignment. 

1 27. A system for making and/or using at least oneclass- 

2 based assignment including at least one computer that processes 

3 digital information, said system including at least one element that 

4 uses at least some rights management information. 

1 28. A system for clearing at least one transaction including at 

2 least one computer that processes digital information, said system 

3 including at least one element that uses at least one class defined, 

4 assigned, selected, and/or matched based at least in part on rights 

5 management information. 

1 29. A method for authorizing at least one computer and/or 

2 computer user including the step of using at least one class defined, 



WO 99/24928 PCT/US98/23648 

205 



3 assigned, selected, and/or matched based at least in part on rights 

4 management information. 

1 30. A method for authorizing at least one electronic 

2 transaction including the step of using at least one class defined, 

3 assigned, selected, and/or matched based at least in part on rights , 

4 management information. 

1 31. A method for initiating and/or performing at least one at 

2 least in part secure electronic transaction including the step of using 

3 class related information defined, assigned, selected, and/or matched 

4 based at least in part on rights management information. 

1 32. An information processing method including the steps 

2 of: 

3 securely charging a fee; and 

4 conditioning said charging step at least in part on at least one 

5 class defined, assigned, selected, and/or matched based at least in part 

6 on rights management information. 

1 33 . A method for securely exchanging digital information 

2 including the step of at least in part defining, assigning, selecting, 

3 and/or matching at least one class based at least in part on rights 

4 management information. 

1 34. A method for performing at least one rights operating 

2 system based transaction including the step of defining, assigning, 



WO 99/24928 PCT/US98/23648 

206 

3 selecting, and/or matching at least one class. based at least in part on 

4 rights management information. . 

1 35. A method for perfprming at least one protected 

2 processing environment operation including the step of defining, 

3 assigning, selecting, and/or matching at least one class based at least 

4 in part on rights management information. 

1 36. A method of pushing information including the steps of 

2 classifying recipients and/or information to be sent to said recipients 

3 based at least in part on rights management information, and selecting 

4 said information to distribute to said recipients based at least in part 

5 on said classifying. 

1 37. A method of pushing information including the steps of 

2 classifying recipients and/or information to be sent to said recipients 

3 based at least in part on rights management information, and 

4 matching at least a portion of said information with at least one class 

5 of said recipients based at least in part on said classifying. 

1 38. A method of pushing information as in claim 37 further 

2 including the step of creating a classification scheme and/or hierarchy 

3 using at least some rights information. 

1 39, A method of pushing information as in claim 37 further 

2 including the step of assigning at least some information and/or at 

3 least one recipient to a class or category, said assignment based at 

4 least in part on rights management information. 



WO 99/24928 PCT/US98/23648 

207 

1 40. A subject switch for matching subscribers and/or 

2 recipients desiring information in one or more classes with one or 

3 more sources of information, wherein the subject switch matches at . 

4 least one subscriber and/or participant with at least one information 

5 source on a mapping based at least in part on rights management 

6 information. 

1 41 . A subject switch as in claim 40 wherein said information 

2 source: 

3 selects at least some information, said selection based on at 

4 least one class, and wherein said assignment of said at least some 

5 information to said at least one class is based at least in part on rights 

6 management information; and 

7 sends at least some said selected information to said subscriber 

8 in accordance with said subscriber's subscribing to said class of 

9 information. 

1 42. A subject switch as in claim 40 wherein at least one of 

2 said subject switch, said subscriber and/or participant and said 

3 information source includes at least one computer providing a 

4 protected processing environment. 

1 43. A subject switch as in claim 40 wherein at least one 

2 subscriber and/or participant uses rights management information at 

3 least in part to persistently subscribe to at least some information 

4 provided by at least one information source. 



WO 99/24928 PCT/US98/23648 

208 

1 44. A subject switch as in claim 40 wherein the subject 

2 switch includes means for using at least one class definition for said 

3 mapping. 

1 45. A subject switch as in claim 40 wherein the subject 

♦ t 

2 switch includes means for responding to a subscriber and/or 

3 participant request by providing information indicating information 

4 sources in at least one specified or desired class. 



1 46. A subject switch as in claim 40 further including a 

2 messaging service for use by at least two of said subject switch, said 

3 subscriber and/or participant and said information source and/or 

4 participant to communicate electronically. 

1 47. A subject switch as in claim 46 wherein said electronic 

2 communications uses at least one secure container. 

1 48. A subject switch as in claim 40 wherein at least one of 

2 said subject switch, subscriber, or information source uses at least one 

3 control set associated with at least some information received by at 

4 least one subscriber. 

1 49. A digital narrowcasting arrangement comprising: 

2 a computer; and 

3 at least one classifying element used to select content to 

4 narrowcast to recipients based at least in part on rights management 

5 information. 



WO 99/24928 PCT/US98/23648 

209 

1 50. A digital narrowcasting arrangement as in claim 49 

2 wherein the classifying element classifies at least one of (a) a 

3 recipient, and (b) content, based at least in part on rights management 

4 information. 

1 5 1 . A digital narrowcasting arrangement as in claim 49 

2 wherein said classifying element defines at least one class using at 

3 least some rights management information. 

1 52. A digital narrowcasting arrangement as in claim 49 

2 wherein the classifying element assigns at least some content to at 

3 least one class, said assignment based on at least some rights 

4 management information. 

1 53. A digital narrowcasting arrangement as in claim 49 . 

2 wherein the classifying element defines at least one class based at 

3 least in part on content selections previously made by the recipients 

4 and/or profiles generated based at least in part on recipient input. 

1 54. A digital narrowcasting arrangement as in claim 49 

2 wherein the classifying element sends a content request including 

3 classification data and destination information to at least one 

4 provider. 

1 55. An information distribution system including: a 

2 computer network; and a selection arrangement that selects 

3 information for use by individual recipients using classes based at 

4 least in part on rights management information. 



WO 99/24928 PCT/US98/23648 

* 

210 

1 56. An information distribution system as in claim 55 

2 wherein the system further includes a classifying element that 

3 determines at least one class of content and/or service of interest to at 

4 least one recipient. 

1 57. An information distribution system as in claim 56 

2 wherein said classifying element defines at least one class using at 

3 least some rights management information. 

1 58. An information distribution system as in claim 56 

2 wherein said classifying element assigns at least some content to at 

3 least one class, said assignment based on at least some rights 

4 management information. 

1 59. An information distribution system as in claim 55 

2 wherein the system includes means for allowing the user to choose to 

3 receive the selected information. 

1 60. An enterprise information system including a computer 

2 system for classifying employees, said system including at least one 

3 rights management component that distributes information to the 

4 employees based at least in part on employee classification. 

1 61 . An enterprise information system as in claim 60 wherein 

2 the computer matches the information to employees based at least in 

3 part on the employee classification. 

1 62. An enterprise information system as in claim 60 wherein 

2 the employee classification is used to gather information for 



WO 99/24928 PCT/US98/23648 

211 

3 employees without revealing substantial information concerning 

4 individual employees. 



1 63 . A method for conducting a chain of handling and/or 

2 control including the steps of allowing plural parties to contribute 

'3 rules and/or consequences, and performing at least one classification 

4 based at least in part on said rules and/or consequences. 

1 , 64, A method as in claim 63 wherein at least some of said 

2 contributed rules and/or consequences are class based. 

1 65. A method as in claim 63 wherein at least one of said 

2 parties modifies at least one of said rules and/or consequences based 

3 at least in part on class. 

1 66. A method as in claim 63 including the step of generating 

2 class assignments based at least in part on said rules and/or 

3 consequences, and sending said class assignments to at least one 

4 clearinghouse. 

1 67. A method as in claim 63 including the step of classifying 

2 said rules and/or consequences to provide at least one class, and 

3 fulfilling at least one request by selecting based on said class. 

1 68. A directory services system for classifying confidential 

2 information, the system including: 

3 a communications component that receives directory requests; 

4 and 

5 a response component that uses said classification to respond to 



WO 99/24928 PCMJS98/23648 

212 ' 

6 directory requests while preserving confidentiality of said 

7 confidential information. 

1 69. A directory servic.es system as in claim 68 wherein said 

2 response component uses at least one classification process to classify 

3 items in a directory, and uses results of the classification process, at 

4 least in part, to respond to directory requests. 

1 70. A directory seryices system as in claim 68 wherein said 

i 

2 response component sends information to destinations revealed by the 

3 results of the classification process without revealing at least some 

4 information concerning said destinations to the information source. 

1 71. A microsegmented merchandising technique including 

2 ' the steps of performing classification based at least in part on usage 

3 data and/or lifestyle profiles, and distributing offers for products 

4 and/or services based at least in part on the classification. 

1 72. A microsegmented merchandising technique as in claim 

2 71 wherein the performing step includes defining at least one class 

3 hierarchy based at least in part on rights management information. 

1 73. A microsegmented merchandising technique as in claim 

2 71 further including the step of combining plural offers for different 
3~ "products and/or servicesbased at least in part on said classification. 

1 74. A trading network including: 

2 a communications element for communicating digital signals; 

3 and 



WO 99/24928 PCT/US98/23648 

213 

4 means for matching value chain participants through a 

5 classification based at least in part on rights management 

6 information. ( . 

1 75. A trading network as in claim 74 further including means 

2 for defining at least one class hierarchy based at least in part on rights 

3 management information. 

1 76,. A trading network as in claim 74 further including means 

2 for determining class membership based at least in part on action 

3 and/or information provided by at least one value chain participant. 

1 77. A trading network as in claim 74 wherein said matching 

2 means includes means for at least in part performing at least one 

3 electronic negotiation. 

1 78. A securities trading method including the step of 

2 performing a classification process at least in part using at least one 

3 rights management element, and using the classification process to 

4 select securities for trade. 

1 79. A securities trading method as in claim 78 wherein said 

2 classification process includes defining at least one class hierarchy 

3 based at least in part on rights management information. 

1 80. A currency/debt trading system including: 

2 a currency or debt trading computer; and 

3 an arrangement coupled to said computer that performs at least 



WO 99/24928 PCT/US98/23648 

214' 



4 one classification process based at least in part on rights management 

5 information. 

t • 

1 8 1 . A currency /debt trading system as in claim 80 wherein 

2 said arrangement includes means for defining at least one class 

3 hierarchy based at least in part on rights management information. 

1 82. A currency /debt trading system as in claim 80 wherein 

2 the arrangement uses classification to rqaximize return or minimize 

3 loss. 

1 83. A financial institution selection system including a 

2 computer that classifies financial institutions based at least in part, on 

3 rights management information. 

1 84. A software distribution method including the steps of 



2 generating class information based at least in part on rights 

3 management information, and selecting software to be distributed 

4 and/or recipients who are to receive distributed software based at least 

5 in part on class information. 

1 85. A software distribution method as in claim 84 wherein 

2 said generating step includes defining a class hierarchy using at least 

3 some rights management information. 

1 86. A software distribution method as in claim 84 wherein 

2 the selecting step includes selecting software to be distributed by 

3 classifying the software based at least in part on rights management 

4 information associated with the software. 



WO 99/24928 PCT/US98/23648 

215 

1 87. A software distribution mehtod as in claim 80 wherein 

2 the selecting step includes selecting recipients to receive software 

3 based at least in part on usage information provided by a rights 

4 management process. 

1 88. A classification technique including the step of 

2 authenticating class membership based at least in part on digital 

3 credentials and/or certificates. 

1 89. A classification technique as in claim 88 wherein said 

2 digital credentials are digital certificates. 

1 90. A classification technique as in claim 88 wherein said 

2 digital credentials are digital membership cards. 

1 91. A classification technique as in claim 88 further 

2 including the step of deciding class membership based at least in part 

3 on rights management information. 

1 92. A classification technique as in claim 88 further 

2 including the step of classifying at least one of users, nodes, devices, 

3 networks, servers, clients and services based at least in part on rights 

4 management information. 

1 93. A classification technique as in claim 88 further 

2 including the step of conditioning at least one rights management 

3 process at least in part on authenticated class membership. 



WO 99/24928 PCT/US98/23648 

216 

1 94. A computer system including: . 

2 a first arrangement that generates class-based controls to 

3 participants based at least in part on class and/or class-based 

4 assignments; and 

5 a second arrangement that allows participants to interact with ■ 

6 information and/or one another at least in part using said class-based 

7 controls. 

1 95. A computer system as in claim 94 further including 

2 means for using said class-based controls to limit participants' access 

3 to information and/or services based on participants' classes. 

1 96. A health care computer system including an arrangement 

2 for issuing health care workers, administrators and insurers class- 

3 based digital credentials and/or certificates, wherein the digital 

4 information sent to said health care workers and administrators 

5 includes class-based controls that condition use and/or access to 

6 information based at least in part on said class-based digital 

7 credentials and/or certificates. 

1 97. A health care computer system as in claim 96 further 

2 including means for allowing said health care workers, administrators 

3 and insurers sharing a common object subject to class-based controls 

4 to have access to different portions of the object based at least in part 

5 on said class-based controls. 



WO 99/24928 PCT/US98/23648 

217 

1 98. A work process automation system including a matching 

2 and/or classification computer that matches tasks to resources based 

3 at least in part on assigning classifying the tasks and/or the resources 

4 to at least one class. 

1 99. A work process automation system as in claim 98 

2 wherein said matching and/or classification computer includes means 

3 for defining at least one class hierarchy based at least in part on rights 

4 management information. 

1 1 00. A work process automation system as in claim 98 

2 wherein said matching and/or classification computer includes means 

3 for matching based at least in part on rights management information. 

1 1 0 1 . An automatic governmental and/or societal rights , 

2 supporting system including a matching and/or classification 

3 computing element that assigns and/or classifies entities to at least 

4 one class based at least in part on rights management information. 

1 102. An automatic governmental and/or societal rights 

2 supporting system as in claim 101 wherein the matching and/or 

3 classification computing element includes means for defining a class 

4 hierarchy based at least in part on rights management information. 

1 103. An automatic governmental and/or societal rights 

2 supporting system as in claim 101 wherein the matching and/or 

3 classification computing element includes means for classifying 

4 entities based on at least one of the following: 



WO 99/24928 PCT/US98/23648 

218 

5 tax status; 

6 right to receive certain information; 

7 right to engage in certain transactions; and 

8 jurisdiction. 

1 1 04. i An automatic taxing authority computer including 

2 means for issuing tax class control sets based at least in part on tax- 

3 based class definitions, and means , for using said tax control sets at 

4 least in part to collect and/or enforce taxation. 1 

1 1 05. A method for adaptively presenting information 

2 differently to different participants, including associating said 

3 participants with classes, and controlling presentation based at least in 

4 part on class-based control sets included within the information. 

1 1 06. A method as in claim 1 05 further including using said 

2 class-based control sets to match participants with different portions 

3 of said information. 

1 107. A method as in claim 105 further including using said 

2 class-based control sets to change the form in which information is 

3 presented based at least in part on said classes. 

1 108. A method as in claim 105 further including the step of 

2 operating said class-based control sets based at least in part on 

3 metadata associated with different portions of said information. 

1 109. A method as in claim 1 05 further including selecting 

2 said class-based control sets between different images for 



WO 99/24928 PCT/US98/23648 

219 



3 presentation based at least in part on one or more classes associated 

4 with a participant. 

1 1 10. A method as in claim 1 05 further including usinfe said 

2 class-based control sets to emphasize certain portions of said 

3 information over other portions in said presentation based at least in 

4 part on one or more classes associated with a participant. 

1 111. A method as in claim 1 05 further including using at 

2 least one computer having a protected processing environment. 

1 1 1 2. A method for adaptively presenting information 

2 differently to different participants including: 

3 classifying the different participants based on capability; and 

4 using class-based control sets associated with said information 

5 to change the difficulty of the presentation based at least in part on 

6 said classification. 

1 1 1 3. A method as in claim 1 12 wherein the different 

2 recipients are classified based on grade level. 

1 1 14. A method as in claim 1 12 including the step of 

2 changing the vocabulary and/or syntactical complexity of the 

3 presentation based at least in part on said classification. 

1 1 1 5. A method as in claim 1 1 2 further including the step of 

2 using said class-based control sets to ensure that in at least some 

3 cases, recipients in different classes pay different levels of 

4 compensation for said presentation. 



WO 99/24928 PCT/US98/23648 

220 

1 i 16. A method for adaptively presenting information 

2 differently to different participants including: 

3 classifying different participants based on capability, and 

4 using class-based control sets associated with said information 

5 to change the language of the presentation based at least in part on . 

6 said classification. 

1 1 1 7. An information searching mechanism including a 

2 matching computer element that classifies information based at least 1 

3 in part on rights management information, said computing element 

4 including means responsive to user requests to search for information 

5 based at least in part on said classification. 



1 1 1 8. An information searching mechanism as in claim 1 17 

2 wherein said matching computer element further includes means for 

3 assigning information to classes based at least in part on rights 

4 management information. 

1 1 19. An information searching mechanism as in claim 1 1 7 

2 wherein said matching computer element includes means for scoring 

3 information based at least in part on user indicated parameters. 

1 120. An information searching mechanism as in claim 117 

2 wherein said matching computer element includes means for 

3 responding to at least some user requests by providing Universal 

4 Resource Locator designations of where information can be found. 



WO 99/24928 PCT/US98/23648 

221 

1 1 2 1 . An information handling method including the step of 

2 using class-based controls to control support extraction and/or 

3 aggregation of information. 

1 1 22. An information handling method as in claim 1 2 1 further 

2 including using a computing element to extract information from ( 

3 plural objects based at least in part on class-based criteria. 

1 123. An information handling method as in claim 121 further 

2 including using a computing element to aggregate information based 

3 at least in part on class-based criteria. 

1 124. An information handling method as in claim 121 further 

2 including using said class-based controls to represent nested or multi- 

3 level classifications. 

1 125. An information classification method including the step 

2 of generating at least one class hierarchy from other plural 

3 classification hierarchies based at least in part on rights management 

4 information and/or class-based rights management information based 

5 at least in part on classification metadata. 

1 126. An information classification method as in claim 125 

2 further including basing said other plural classification hierarchies at 

3 least in part on object metadata. 

1 127. An information classification method as in claim 125 

2 further including specifying said classification object metadata 



WO 99/24928 PCT/US98/23648 

222' ' ' 

3 specified classifications based on at least one of location, name, 

4 prices, permissions, ISSN, title, author, publisher and/or date. 

t ■ 

1 128. An information classification method as in claim 125 

2 further including generating said class-based rights management 

3 information by classifying classes. t • 

1 129. An electronic gambling system including a computer 

2 that matches gamblers with plural gambling providers based at least 

3 in part through classifying the gambling providers using rights 

4 management information. 

1 130. An electronic gambling system as in claim 129 wherein 

2 the computer includes means for classifying the gamblers based at 

3 least in part on rights management information. 

1 13 1 . An electronic gambling system as in claim 129 wherein 

2 the computer includes at least one protected processing environment. 

1- 132. An electronic gambling system as in claim 129 wherein 

2 the computer uses at least one control set to classify, select and/or 

3 match at least one of said gambling providers, and/or gamblers. 

1 1 33 . An electronic ticketing system including a computer 

2 that matches recipients with tickets to events through classifying said 

3 recipients, said system including a computer that matches tickets 

4 and/or said events based at least in part on rights management 

5 information. 



WO 99/24928 PCT/US98/23648 

223 

1 134. An electronic ticketing system as in claim 133 wherein 

2 a recipient provides a request containing event and rights 

3 management criteria, and the computer matches the recipient with a . 

4 provider based at least in part on said classifying process. 

1 135. An electronic ticketing system as in claim 133 wherein 

2 the rights management information includes method of payment 

3 information. 



WO 99/24928 



PCT/US98/23648 



1/96 





SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 



2/96 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



3/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



4/96 




SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



7/96 



PCT/US98/23648 






2 










o 




< 






in 




< 


CO 






< 


Q 


cd 
cr> 


DISTRIB 
THORIZI 


ITING 
LOWED, 


IALITY = 


00 WOR 


CM 


LU 3> 


Q -J 


—> 




CC < 


LU < 


O 






|I6 

gcoco 

x: o ~ 

i£ aS 
(U o ^ 

— I o 

,S> c g 
c ca F5 

£ c o 

5 > "o 
I— -E Q 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



8/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



10/96 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



12/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 PCT/US98/23648 

13/96 , 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



14/96 



PCI7US98/23648 



ca 
E 



CD 03 



ca 

E 



CD 
O) 

£ o 
J2 re 



i2 o 
.E? o 

C/D UJ 
_CD CO 



CO 
X 



■9> 




SUBSTITUTE SHEET (RULE 28) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



16/96 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCTAJS98/23648 



18/96 



o 




SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 



21/96 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



22/96 



PCT/US98/23648 



CO 



CO 



CO 



lis 



6 

















SUBSTITUTE SHEET (RULE 26) 



PCT/US98/23648 



23/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



24/96 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



26/96 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 




SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



30/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCTVUS98/23648 



31/96 



Start categorization^ 



Get input data 



I 



Select classification 
method 



I 



1840 



1842 



Assemble data 
matrix 



1844 




1846 



Assign objects 
to categories 



I 



1849 



Write output data 



c 



I 



1850 



End 



J 



Other data 
reduction methods 



1848 



Fig. 18 

Example Steps to Categorize Objects 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



32/96 



Start category 
construction 



I 



Get input data 



I 



Select classification 
method 



1840' 



1842" 



Assemble data 
matrix 



I 



1844' 



Apply classification 
method(s) 



1846' 



Assign users/ 
appliances 
to categories 



1849' 



Write output data 



c 



I 



1850' 



End 



Other data 
reduction methods 



1848' 



Fig. 19 

Example Steps to Categorize Users/Appliances 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



33/96 



o 
O 



o 
8 

CD 

° "2 

CO 
CD 



CO 

a 

CD 
M 



CO 
CD 



CD 

-i— -n > 
0> CD _£D 

CD 
CD 



CD 

■o 

CD 

CD 



>_ CD 



CD 
O 
£= 

LLI 2-cD 



E 



o 

"co 
CD 



05 



LU cr 



05 

So 



=3 
O 

O 



CD 

75 53 

CD £ 

8-^ 



CD 

"8Q 



O 



CM 
CO 



_CD 
CO 

E 

CD 



LO 



Q 
< 
LU 
Q 



o 



GO 



in 

CD 



CM 

co 



oo 

CO 



3 
a. 
c 



o 

CD 



CO 
CO 
CD 



DC S 

a> 2 

o c 
o_ o 

CD CO 

9-8 



O 



CD 



0)Q 

be 



2> |o 



X O' 



co .ffi ^ 52 



CD 



CO 
<D 

O 
O) 

aj 
co 
O 
cn 



lg> o *CD 

= 8. 



O) 



CD 

c o 75 
IE 



co 

CO 
»— 

a> 



CD c 

O 'B 



CD 
CO 



.Q O 

s s 

■55 £ 



CD ^-v 

CO lj 
ZD 



\ 



O 



CO 

O 

CO 
CD 



"8 



CO 



o 

XT 

"55 



cdQ 
be 



CD 



be 



O 



cdQ 
be 



c_> 

o 



CD 

CD ^ ^ 
CO L-J gz 



CO 



CD 



CD 
CD CO 

If 

CO => 



CD 
CD 

"O 
=5 

CD 



O g 

co E 
LU '•«= 



"55 



cz 

CD 

o 



CD 
CO 



CM 
i 

CO 
CD 
CM 



CO 
CO 

r^- 

CM 
CM 



LO 

Q 
O 

CD 
CM 

lZ 

O 



CM 
LO 
CO 



SUBSTITUTE SHEET (RULE 26) 



PCT/US98/23648 



34/96 



C Start ~J 



Select variables 



I 



1860 



Select cases 



I 



1862 



Assemble data 
matrix 



I 



1864 



Apply cluster 
analysis 



1866 




1868 



1870 



Fig. 21 

Example Cluster Analysis Process 



SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 PCTAJS98/23648 



35/96 



Variables 


Typical Class 1 -Profile 


Typical Class 2-Prof He 


City 


Washington, DC 


L^nrvvwilla TM 
rxnOAVlllc, 1 IM 


Av. price of content , 
purchased last 30 days 


$8.79 


.$'1.95 ' ■ 


Number of trips abroad 
in last 2 years 


3 


U 


Type of content most 
frequently purchased 


National and 
international news 


Sports i 


2nd most frequently 
purchased 


Business information' 


1 ] All AlMl f r\ 

Heiigious 


Third most frequently 
purchased . 


Travel information 


h A f\\ nop 

Movies 


Pav per view 


No 


Yes 


Add new controls 
to content 


Yes 


No 


Stated religious 
affiliation 


None 


Methodist 


SRI internet lifestyle 
category 


Surfer 


Worker 


Modification rights 
purchased 


20% of text items 


5% of text items 



Example Classification Output Illustrating Different 
Classes Based Upon Differing Profiles 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



36/96 



PCTAJS98/23648 



Variables 


Factor 1 Loadings 


Factor 2 Loadings 


Region of US 


.82 


•11 


Family income 


.90 


-.09 


Av. price of content 
purchased last 30 days 


.72 


.15 


Number of trips abroad in 
last 2 years 


■91 


.09 


Percent news, business 


.79 


-.12 


Percent entertainment 


-.69 


.21 


Add new controls to content 


.88 


.19 


Religiosity 


-.60 


-.22 


Participates in sports 


-.21 


.87 


Watches team/individual 
sports on TV 


-.11 


.62 


Owns a sports utility vehicle 


.12 


.72 


Consumes beer/wine 


-.18 


.83 


Male/female 


.21 


.92 


Education beyond college 


.45 


-.45 


Buys pay per view 
sports events 


-.25 


.77 


Number of TVs in house 


-.11 


.66 



r . no Example Classification Output Illustrating Principal Components 
r/O. Z6 Analysis On Parameter Data And Categories Data 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



37/96 



/ 



1500 



Specify desired 

appliance 
attribute fields 




Send VDE container 
with "create appliance 
attribute record" method 
and eventjs) 

to VDEadministrator 



Process event(s) using 
"create appliance attribute 
record" method 



Performed by 
Matching & 
Classification 



nit 

900 



1508 



1510 



Process event(s) using 
'create appliance attribute 
record" method 



Performed by 
VDE Administrator 

800 




( 



1516, 



Send VDE container 
with "create appliance 
attribute record" method 
and event(s) 
to VDE administrator 



Send VDE container 
with appliance attribute 
record and event(s) to 

Matching & 
Classification Utility 



( End ) 



1 



1518 



Process event(s) using 

"create appliance 
attribute record" method 



I 



L 



1520 



Send VDE container 

with appliance 
attribute record and 
event(s) to Matching 
& Classification Utility 



Performed by 
Electronic 
Appliance 

100 



Fig. 24 

Example Steps for Collecting Appliance Attribute Data 

SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



38/96 



( Slart ) / 



1506, 1510,1518 



Locate site 
configuration 
record(s) 



1522 



LxatePERCfor 
site configuration 
record(s) 



1523 




Copy required fields to 
appliance attribute record; 
write VDE audit record 




1527 



Fig. 25(A) 

Example Create Appliance Attribute Data Method steps 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




39/96 



Fig. 25(B) 



Locate site 
configuration 
record(s) • 



1528 



Locate PERC for 
site configuration 
record(s) 



1529 




( 



1531 



Report failure 
and 
reason 



X 



1532 



Write 
audit 
record 



Copy required fields to 
appliance attribute record; 
write VDE audit record 



1533 



Create PERC for 
appliance attribute 
record 



1534 



SUBSTITUTE SHEET (RULE 2B) 



WO 99/24928 



PCT/US98/23648 



40/96 



LO 
CO 
LO 



00 
CO 
LO 



S 



co 



eg 



LO 



o 
o 

CD 
LX 



CD 
O 

CO 

CL 
< 

Ql 

E 
as 

X 

LJJ 



CO 
1 

5 



CM 



CO 



CD 
O 



cl 

CL 



00 
CO 
LO 



CD 
CO 
LO 



LO 
CO 
LO 



CD 
O 



co • 



£1-1 

co 
E 

e 

LJJ O 

Q 

> CD 



CD 

"cO 
CO 



a> e> 



CD 
O 

.co o 



CNJ 
O 



LO 



Q 



O 



CO 



LO 

CT> 



CNJ 

CO 



OO 
CNJ 



CO 
CO 
LO 



oo 

S3 



CO 
CO 
LO 



o 
-8 

LO 



CO 
CO 
LO 



CO 
' CO 
LO 



CO 
CO 
LO 




o 
o 

CD 

DC 

0) 




LO 



CD 

o 
cr 

LU g "CD 

'ca 



LU O 



CO 

CO 



o 
o 

CD 

•S E 

03 <D 
CD ^ 



CD 

o 



CNJ 



LO 



CO 
CNJ 



oo 



CNJ 
CO 



CO 
CNJ 



CO 
CO 
LO 



CO 
CO 
LO 



G 
CO 



o 

00 

co 

LO 



CD 

CO 
CO 
LO 



. CO 
CO 
LO 



CO 
CO 
LO 



SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 



PCT/US98/23648 



C Start J 



, Specify 
demographic 
data fields 



1540 



Yes 



Send event(s) to 
"create demographic 
attribute record- 
method 



1544 



41/96 



Performed by Matching 
& Classification Utility 




Matching & Classification 
Utility sends VDE 
container to another , 
commerce utility system 
with "demographic data 
query" method, "create 
demographic attribute 
record" method, and events 



1546 



Process eyent(s) 
using "demographic 
data query" 
method; write 
audit record 



1548 




Process event(s) 
using "create 
demographic attribute 
record" method; write 
audit record 



I 



Other 
commerce 



Send VDE container 
with demographic 
data attribute record 



system 



1554 



No 



( End ) 

FlQ. 27(A) Example Steps for Collecting Demographic Data 




SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 



PCI7US98/23648 



42/96 



0* 



Send VDE container to 
Matching & Classification 
Utility with "required data not 
available" message event 



1556 



1 



Fig. 27(B) 



Matching & Classification 
Utility sends VDE 
container to user with 
"demographic data query" 
and "create demographic 
attribute record" methods, 
and events 



1558 



Process event using 
"demographic data query" 
method; write audit record 



1560 




1564 



Send VDE container 
• to Matching & 
Classification Utility 
with "failure" 
messaae. event 




^1566 

Write 
audit 
record 



Process event(s) using 
"create demographic 
attribute record" method; 
write audit record 



1568 



I 



Send VDE container with 
events, demographic 

attribute record to Matching 
& Classification Utility 



1570 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 / PCT/US98/23648 

43/96 



Demographic Information Questionnaire 

Name: . 

Address: . : 

Address: : . 

City: State: __: Zip: - _ 

Gender (M/F) Date of birth: /_ / 

Education: 

| | Have not graduated high school 

| | High school graduate 

| | Some college 

| | College degree 

| | Some graduate school 

I | Advanced degree 

All Information Will Be Treated As Confidential 



.28 Example Demographic Questionnaire "Pop-Up" Screen 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



44/96 



CVJ 



to 



O 
o 

CD 

DC 



CO 
CO 

5 



LO 

5 



<: 



CO 



CVJ 



<x> 

to 



CO 



In 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




45/96 



Process event(s) using 
"create psychographic 
attribute record" method 



Send VDE container 
with "psychographic data 

query" and "create 
psychographic attribute 

record" methods and' 
events to repositpry(ies) 



Process event(s) using 
"create psychographic 
attribute record" method 



X 



1592 



Send VDE container 
with psychographic 
attribute data record, 
event(s) to Matching & 
Classification Utility 



1586 



1590 



1594 



Send VDE container 

to Matching & 
Classification Utility with 
"failure" message, events 



I 



1 



1596 



Send VDE container to 
user with "collect psycho- 
graphic data," and "create 
psychographic attribute 
record" methods, events 



I 



1598 



Process events using 
"collect psychographic 
data" method 



I 



r 



.1600 



Process events using 
"create psychographic 
attribute record" method 



( Stop ) 

F'lQ. 30 Example Steps for Collecting Psychographic Date 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



46/96 



Today's Anonymous Questionnaire 
Thanks for taking the time to answer these questions . 
We'll put $2.00 in your VDE budget 



1 . Do you feel sad, blue, unhappy or "down in the dumps"? 

□ A. Never 

□ B. Rarely 

□ C. Sometimes 

□ D. Very Often 

□ E. Most of the time 

2. Do you feel tired, having little energy, unable to concentrate? 

□ A. Never 

□ B. Rarely 

□ C. Sometimes 

□ D. Very Often 

□ E. Most of the time 

3. Do you feel uneasy, restless or irritable? 

□ A. Never 

□ B. Rarely 

□ C. Sometimes 

□ D. Very Often 

□ E. Most of the time 

4. Do you have trouble sleeping or eating (too little or too much)? 

□ A. Never 

□ B. Rarely 

□ C. Sometimes 

□ D. Very Often 

□ E. Most of the time 

Q Click here for more questions 



All Information Will Be Treated As Confidential 



. 31 Example Psychogenic Questionnaire "Pop-Up" Screen 

SUBSTITUTE SHEET (RULE 26) 




WO 99/24928 



PCT/US98/23648 



47/96 



CO 



oo 

5 



CO 



LO 

5 



CO 

5t 



CM 
<C 



s 

to 



CD 
CO 



8 

CO 



O 
o 

DC 

eg 




leg ^ 



O 

"co 
o 



CO 

o> 
■c 
o 

O) 
O) 

c5 
o 

CO 

o» 
m 

CO 



-3 55 



C O m 
Ic CD 



CD 

CO £ 



O o 

<2 "co 

§ S | 

S o 

V ^< IE 



CD 



O 
CO 



CD 



LU 

s 

CD 



Q 

CD 
8 



O 

CD 

s 



CD 
CD 

s 



< 

CO 

o 

CD 



OO 



oo 

CD 



^3" 
O 

co 



CM 

S 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



/ ft 



-J 

< CO 

o> o 



1=1 
II 

CO 



CD 



CD 

e 

CO 
CD 

CO 



CO 
O 



cc 

CO 



CD 



CO 



J? 

CD 
CD 
CO 



o 



CD 
CD 

o 



CD C 

:> 



€0 
.Si 
O 

o> 

Cg 
"cS 
O 

m 
• 

GO 
CD 



CD 



V 



C O Q) 

jE ^ 

E 2 

^ o : s 

CD •*=: 

CO £ 



o 5 

£ "jo 
§og> 
9 S 



CVJ 

C\J 

o 

CO 



48/96 



LU 

>CO 
s 



J 



CO 



oo 



Q 

CO 

o 

CO 



O 

CO 

s 



CD 
co 
o 
oo 



< 

CO 

s 



i 



SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 



PCT/US98/23648 



49/96 



( st » rt ) 

▼ 



Send VDE container with 
"send PERCs method," 
event(s) to appliance 



1610 



Fig. 33 



Example Steps For Determining 
Attributes Based On Available 
Rules And Consequences 



Appliance processes 

event(s) using 
"send PERC records" 
method; write audit record 



1612 




1620 



Send VDE container 
. with failure message, 
event; write audit record 




Appliance sends 
container with PERC 
records, event(s) to Matching 
& Classification Utility; 
write audit record 



1616 



I 

Matching & Classification 
Utility processes event(s) 
using "create attribute record 
from PERC records" method 



( S10p ) 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



( ) 



50/96 



Send VDE container 
with "create rules attribute 
record from PERC records" 
method, event(s) to appliance 




f 


Appliance 
event(s) usin< 
attribute r 
PERC reco 
write au 


processes 
3 "create rules 
ecordfrom 
rds" method; 
dit record 



1610' 



1622 




Appliance sends VDE 
container with rules attribute 
record, event(s)to Matching 

& Classification Utility; 
write audit record 



( stop y* 



1620' 



Send VDE container with 
event(s), failure message; 
write audit record 



1624 



Fig. 34 



Example Steps For Determining Attributes 
Based On Available Rules And Consequences 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



f Start } 



Check permissions 

~~T~ 



Open PERC 

T~ 



Copy PERC 
header information 
to attribute record 



I 



Locate 
rights record header 



I 



Copy rights record 
header information 
to attribute record 



I 



Locate right ID 



Copy right ID 
to attribute record 




51/96 



.1630 

1632 
M 



1634 

1636 
< : 



1638 



1640 



1642 



/ 



1618 



© © 



Fig. 35(A) 

Construct Attribute Records From PERC Records Example Method 

SUBSTITUTE SHEET (RULE 26) 




I 



Copy method header Ij, 646 
to attribute record 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



53/96 



( m ) 





r 


Locate 
PERC record 







1660 



Point to PERC 
for 

- -PERC - 



/ 



1630 




( 



1666 



Write 
audit record 




,1674 



Write 
audit record 




,1676 



End 



J 



1678 



( M ) 



Fig. 36 

Check Permissions Record Example Steps 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 PCT/US98/23648 



</> 
O 
DC 
LU 
CL 

E 

o 



o 
o 

CD 

DC 

15 

-Q 



CO 
GO 

co 



cn 



CO 



co 



CO 



5 



co 



CM 



oo 

CO 



Q 

"o 

CD 

la 
O 



CD 

CO 



-a 
o 



CD 



o 



DC 



O 



-a 

o 
o 

CD 
DC 

CD 



"8 



CD 



DC 



o 



CD 




•2> 

LU o 



CO 
co 
co 



-J 



o 
-O — 

O 



CD 



OO 

co 



X 
LU 
IE 



CO 



CO 



54/96 



S 



o 
o 



CD CD 
CD O 

SK 



CD 

a> 

CO 



co E 
LU = 



CD 
Q- 

O 



CD 

CO 



oo 
cr> 
cm 

■ 

CO 
CO 

I 

C\J 

oo 



to 
Q 
O 

CD 
CM 



O 



CO 
CO 



X 

to , 
oo 

CO 



CD 



"8 



0)Q 

be ~ 



O 

CO 
✓ CO 
CO 



co 

CO 
CO 



o 



CD 



o 



CD 



CO 

s 
& 

O 

CO 
CO 
CO 



o 
o 

CD 
DC 

O 
DC 
LU 

a. 

E 
2 

LU 

CO ^- 

o jx — 
o 

CD 

CD O 

2 H 



o 

CO 
. CO 
CO 



CD 

CO 
CO 
CO 



J 



< 

co 

CO 
CO 



J 




CO 
CO 



Lu " 



S 

17 



o 



CD v 

c 



o 

CO 



CD 
CO 
CD 



J 



CO 

s 

L7 



CD 
O 



CO 

CNJ 



CX) 



CD 



CD 
CO 
CNJ 



CM 



CM 

g? 

CM 



CO 

CO 
i 

CM 
CM 



m 
Q 
O 

CD 
CM 



O 



s 

CO 
CO 



CO 
/CO 

'co 



CD 

CO 

s 



co 

CO 

co 



CO 
CO 
CO 



J 



Q 

CO 
CO 
CO 



J 



o 

CO 
. CO 
CO 



CO 
CO 
CO 
CO 



J 



< 

CO 
CO 
CO 



J 



co 
co 



J 



CM 
CO 
CO 



J 



CM 
CO 
CO 



CM 

I 

o 
co 

CO 



s/ 



CO 

t 

o 

CO 
CO 



SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 



PCTAJS98/23648 



55/96 



f Start J 



Fig. 38 



Send VDE container 
with "get URT" method, 
event(s) to VDE appliance 



1690 



Example Steps For Assembling 
Attribute Records Based On 
Rules and Consequences 



VDE appliance processes 
events, using "get URT' 
method; write audit record 



1692 




No 



( 



1696 



VDE appliance 
sends container with 
failure notice, event(s); 
write audit record 



VDE node sends container 
with URT entries to Matching 
& Classification Utility; 
write audit record 



1698 



Matching & Classification 
Utility processes event(s) 
using "create attribute 
record from URT" method 



1700 



( Stop ) 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



56/96 




Send VDE container 
with "create attribute record 
from URT" method, event(s) 
to VDE appliance 


1702 












VDE appliance processes 

event(s) using "create 
attribute record from URT" 
method; write audit record 




J704 




1708 



No 



VDE appliance 
sends container with 
failure notice, event(s); 
write audit record 



VDE appliance sends 
container with URT attribute 
records, event(s) to Matching 

& Classification Utility; 
write audit record 



1710 



( Stop ) 

Fig. 39 

Example Steps For Assembling Attribute Records 
Based On Rules and Consequences 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



f Start J) 



Check permissions 
for URT records 



I 



Locate User 
Rights Table(URT) 



I 



Locate 
URT record 



I 



Locate 
user choice record 



I 



Locate 
rights record header 



I 



Copy rights record 
header information to 
attribute record 



I 



Locate right ID 



I 



Copy right ID to 
URT attribute record 




57/96 



1720 



1722 



1724 
< — - 



1726 
< 



1728 
< 



1730 



1732 



1734 



Fig. 40(A) 

Example Steps To Check 
On Attribute Record From 
A User Rights Table 



© © © 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




58/96 



Locate 




method header 




▼ 




Copy method header 
to URT attribute record 


1738 


1740 




>^ More 
Smethod headers?^ 


Yes 




NoY 




1742 




More 


Yes 



1744 



More user 
choice records? 



0©0 



Yes 



No 



1746 



More URT 
records? 



Yes 



No 



Create PERCfor 
URT attribute records 



( £nd ) 



1748 



Fig. 40(B) 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



59/96 



Fig. 41 



Contruct attribute records from 
PERC records method example 




1720 



\ 





1754 
/ 


► 


Report 




failure 




1762 
/ 




Report 


F ► 


failure 



1756 



1758 
I 



Write 
Audit Record 



1764 

2 



1766 

J 



Write 
Audit Record 



1 


t 


Point to PERC 


for URT 




f 



1768 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



DC 
Z> 

E 

o 



o 
o 
cd 
DC 

CD 



CO 



CO 



CO 



CM 
5 



O 
CD 

o 



CD 

co 



60/96 



CO 



CD 



CM 



DC 
ZD 

E 

o 



o 
o 

CD 
DC 



o 
sz 

"S 



be 



o 



CO 



J 



CO 



J 



O 

CD 



CD Q)Q 

— QC 



< 



CO 



CD 




o 

o 



CD 

o S E 



CD CD 

ECO 
CO 

— - _rr 

CD O 



J 



CD 

o> 

X5 
CO 



-5 g 

CO £= 



CD 



CD 
O 



CD 

CO 



CNJ 
■ 

CO 
CD 
CNJ 

CO 
CO 

CXI 
CNJ 



LO 

O 

CD 
CNJ 

o 



CD 



CO 



CO 



1, 



CD 



be 



CD 



CD 



CO 



E 
o 

CO 
"O 

o 
o 

CD 
DC 
a> 
"5 



0)0 
DC 



Q 
co 



J 



O 
co 



CD 
o 



O 

CD 
CO 



o 



CD 
CO 




-5> 

1 n> 



CNJ 



o 

o 



CD 



j 



CO 
CO 
CO 



co 



CM 
CZ> 



CO 



8 



CO 

CNJ 



co 

L7 



go 



CO 
LO 



LU 

CO 

V 

Q 

co 

L7 



O 

CO 



CD 

co 

CNJ 



CD 
CO 



J 



CNJ 



< 
CO 



j 



CNJ 
■ 

CO 
CD 
CM 

CO 
CO 
t 

cxi 

CNJ 



J 



LO 

Q 
O 

CD 

CNJ 

lZ 
o 



CNJ 



J 



o 



o 



SUBSTITUTE SHEET (RULE 2B) 



WO 99/24928 



PCT/US98/23648 



1 


f 


Matching an 
Event(s) 
"get auc 1 

method, to V 
VDEc 


d Classification 
Utility' send 
it records" 
f DE applicant in 
:ontainer 



61/96 

i ( 

Fig. 43 

Example steps tor assembling 
usage audit records 



1780 



VDE appliance processes events 
using "get audit records" method; 
write VDE Audit Record 



1784 




VDE appliance sends audit 
records, event(s) in VDE container; 
write Audit Record 



Matching and Classification 
Utility processes event(s) 

using "create 
attribute record from audit 

record" method 



T 

Stop ) 



1782 



NO 



1786 



VDE appliance sends container 
with failure notice, event(s); 
write audit record 



1788 





1790 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/2364S 



62/96 



Fig. 44 



Example steps for assembling usage 
audit records 



( Start ^ 

i 



Matching and Classitication 
Utility sends "create attribute 
record from audit record" 
method, event(s) to VDE 
appliance in VDE container 



VDE appliance process event(s) 
using "create attribute record 
from audit record" method 



1796 




VDE sends usage attribute 
records, event(s) in VDE 
container: write audit records 



y 

Stop J 



1792 



1794 



1798 



No 



-2 



VDE appliance sends container 
with failure notice, event(s); 
write audit record 



1799 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCTAJS98/23648 



63/96 



( Start ^ 



Fig. 45(A) 

Example steps to create audit 
attribute records 



Locate UDE audit 
records in secure 
database 



1800 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 

64/96 



Fig. 45(B) 

Example steps to create audit 
attribute records 




attribute record (s) 




SUBSTITUTE SHEET (RULE 26) 



PCTAJS98/23648 



65/96 



cn 

o 
o 

CD 

DC 
"O 

< 

LU 
O 
Z> 

E 
o 



to 

"E 

o 
o 

CD 
DC 

CO 

o 
Id 



CD 

03 
co 



_CD 

E 

CO 
X 
LU 



59. 

CO 



<D 



O 
CD 



0)Q 

ir 



, o 



CD 



ODgj 

be 



CD CO 

-2* o 



-a 
o 



CD 



< « 



be 



o 



CD 



o>0 
be 



*_ CD 
CD -g 



o / 
CO 

oo 



CO 



CD 



J 



CD CD 

ECO 

CD O 

c= ^ 

O o. 



J 



CD 
CD 

Z3 

CD 



8 
oo 

L7 



CD 



CO 



CD 

"S3 



CD 

O 



CD 
CO 



CNJ 
■ 

OO 

a> 

CM 

CO 
CO 
I 

CM 
CM 



LO 

o 

O 

CO 
CM 

LU 

O 



CO 

oo 



CO 
CO 
CO 



X 

. CO 
'CO 
00 



CD 

CO 

s 



LU 

CO 
. CO 
CO 



Q 
co 

CO 

oo 



J 



O 

CO 
- CO 

oo 



CD 
CO 
CO 

oo 

\J 

< 

CO 

s 
17 



co 
oo 



J 



CVi 
CO 

oo 



— CD 



8 



c3 



CD 

Sg 

co -J= 



CD 
CO 



CD 



•y- CO 



?= CD 

If 



O 



o 

CM 



O 
CO 

s 
L7 



CO 

cp 



co 

3 

L7 



LU 

CD 
CO 

CM 
CM 
CO 



UO 

CO 

cB 

CO 
CM 



CO 
. CO 

co 



CO 
CO 
CO 



J 



CO 
CO 
CO 

L7 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 PCT/US98/23648 



67/96. 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT7US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 / PCT/US98/23648 

69/96 



O 

CO 



\ 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



71/96 



to 
o 

LO- 
CO 









I CO 






ULES 


CO 
LU 
I 




RULE 






cr 


ZD 




o 






LU 


cr 




LU 
CO 
<t 






CD 


LU 








<t 


CD 




SS-B 








MA 




CO 
UJ 




cr 








I 




LU 


cc 




3) 




zn 


o 




o 


cc 


LU 


CO 






or 


cc 


CD 


I 






LU 


LU 


CO 


LU 




zn 


zn 


<C 


ZD 


CC 










CL 


o 




s 


5 




SUBSIII U I E SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



72/96 



55 CO -J 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



SECURE DIRECTORY 
SERVICES 

' 600 



I 



NAME 



ADDRESS 



CITY.STATE.ZIP 



PHONE 



FAX 



E-MAIL 



A 


1 


AF 


128 


L 


C 


3 


BC 


56 


M 


F 


9 


AE 


101 


N 


Z 


15 


CF 


7 


O 





CLASS 
AF? 



— "N 
— — • 




57 






CLASS 






AF 





CONTENT 
PROVIDER 





CLASS AF 
Name Address 
Name Address 
Name Address 

1 l * ' 



2718(3) 
2718(2) 
2718(1) 



® 



2714(1) 





AF 






USER 1 
"INTERESTED 
IN AF" PEOPLE 



VDE 



USER 2 
"INTERESTED 
IN AF" PEOPLE 



VDE 



2716(N) 



2716(2) 



USER N 
"INTERESTED 
IN AF" PEOPLE 



VDE 



Fig. 52 Secure Directory Services 

SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



74/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



76/96 






SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCI7US98/23648 




SUBSTITUTE SHEET (RULE 25) 




SUBSTITUTE SHEET (RULE 2B) 



WO 99/24928 



80/96 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCI7US98/23648 



82/96 




LU UL ^ 



CO 

CO 
..LULU 
UJDC 2 

<QX 
2<CL 



CO 
Q 

cr 
o 
o 

UJ 

cc 

—I 

< 
o 

Q 
LU 



X 

LU LL S 



CO 

CO . . 
LU LU 
LU DC ^ 
^QO ... 
<QX 
Z <CL 



CO 
Q 
CC 
O 
O 
LU 
DC 

< 

o 

Q 
LU 



CO 

CO . . 

LU LU 

□Jars 
<ox 

2<CL 



CO 
CO 

LU LU 
UJ DC Z 
SOO 
<C O X 

2:<cl 



X 

o 



< 
o 

Q 
LU 



CD 




£8 



lA 



C\J 



yJOcco 

>l£LO 



<OuJ 

p: CC CO 



£8 



\1 



uJOarO 
>5o.o 



I* 

£8 



in 

CO 



FA 



XL 



o o o ^ 



^ o Lu 

2 oc CO 



c\f 

CO 



£8 



IT) 
CO 



2: 

o 



in 

CO 




O <o 
X o 
u-rr 



ScS 
o <9 
xo 
u-rr 



SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




84/96 



GO 
Y— 

LU 

CU 

ZD 
O 



oo 



oo 
o 

CO 
CO 



DC 




LU 










30A 






o 





PS 

oo' 
o 

CD 
CO 

U 



CO 
CO 



iY 



CO 
CO 



a. 

ZD 

o 



teg 



oo 

O 
CO 
CO 



II" 



CO 



o 
o 



CO 

co 

CO 1 



A 


) — 
CC 


\ 




o 






Q_ 
LU 




\ 


CC 


/ 



m a • 



co 
o 



C3 

oo -J 

2 oo O 

5- H- LU CC 

<t O o 

5 £ o ^ 

t DC O 

2 Q_ O 



© 



A 



CO 
N£ CO 

Is 

^ CC 
Q_ 



CSJ 

•co 
co 




o 
o 



CC 



CC 

_ qIUO 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



86/96 



PCTAJS98/23648 




=>3 
O <° 
CC CD 
"-EE 



SUBSTITUTE SHEET (RULE 25) 



WO 99/24928 PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



89/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



90/96, 



o 
o 
o 




A 



o 
o 
o 



LU 

|8 

m r^- cvT 
O 

^ O) ^ 

O O LU 
LU Q_ CC 

II 
CO 
CO 

o 



ixi £: 

Z)Q 
OQ 
OS 

<=>o 
zo 

OCC 
OCL 



o 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 

92/96 




SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



CD 
_ CO 

O ^ 



53/96 



CD 
A CO 

o <o 



o 
o 

CO 



\ 



□ □ □ 

□bDbQ 



CO 



; LU , , LU _ UJ , . yj • • • 

8 



.□ □ 




CD 

o S8 

* -d 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCI7US98/23648 



94/96 




o <§ 

DC O 

LL ~ 



SUBSTITUTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 



95/96 




SUBSTmiTE SHEET (RULE 26) 



WO 99/24928 



PCT/US98/23648 




SUBSTITUTE SHEET (RULE 26) 



